Created
December 15, 2017 17:39
-
-
Save anonymous/f742a6557cbcf2d16ff090b50d4c2120 to your computer and use it in GitHub Desktop.
This file has been truncated, but you can view the full file.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"timestamp":"2017-12-15T03:22:06.528874+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":2,"ttl":117,"ipid":21293,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:22:06.600535+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":21399,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:22:06.710387+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":21475,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:22:06.910388+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":21476,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:22:07.310889+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":21480,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:22:08.110359+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":21481,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:22:09.710805+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":21482,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:22:12.910363+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":21486,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:22:19.310884+0100","flow_id":948174993723812,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64747,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":21488,"tcpseq":652199829,"tcpack":3218370848,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T03:44:52.456362+0100","flow_id":560122641323399,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64761,"proto":"TCP","drop":{"len":1492,"tos":2,"ttl":117,"ipid":10714,"tcpseq":4175636607,"tcpack":561001110,"tcpwin":1023,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:13:07.326095+0100","flow_id":727667280339216,"event_type":"alert","src_ip":"192.168.1.2","src_port":57694,"dest_ip":"148.251.29.131","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"sa-update.verein-clean.net","url":"\/1818096.tar.gz","http_user_agent":"curl\/7.29.0","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T04:13:07.489002+0100","flow_id":291124656960787,"event_type":"alert","src_ip":"192.168.1.2","src_port":37810,"dest_ip":"37.252.124.130","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"sa-update.verein-clean.net","url":"\/1818096.tar.gz.sha1","http_user_agent":"curl\/7.29.0","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T04:13:07.552298+0100","flow_id":810637552757,"event_type":"alert","src_ip":"192.168.1.2","src_port":57698,"dest_ip":"148.251.29.131","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013028,"rev":4,"signature":"ET POLICY curl User-Agent Outbound","category":"Attempted Information Leak","severity":2},"http":{"hostname":"sa-update.verein-clean.net","url":"\/1818096.tar.gz.asc","http_user_agent":"curl\/7.29.0","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T04:19:41.466353+0100","flow_id":2250684184206440,"event_type":"drop","src_ip":"192.168.1.2","src_port":52290,"dest_ip":"95.101.114.81","dest_port":80,"proto":"TCP","drop":{"len":469,"tos":0,"ttl":64,"ipid":25123,"tcpseq":483753166,"tcpack":1372027984,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:41.586770+0100","flow_id":1532200580150102,"event_type":"drop","src_ip":"192.168.1.2","src_port":52296,"dest_ip":"95.101.114.81","dest_port":80,"proto":"TCP","drop":{"len":469,"tos":0,"ttl":64,"ipid":35588,"tcpseq":778277992,"tcpack":1950916092,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:41.586829+0100","flow_id":2054378409030478,"event_type":"drop","src_ip":"192.168.1.2","src_port":46836,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":469,"tos":0,"ttl":64,"ipid":42264,"tcpseq":760986228,"tcpack":3151989578,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:41.687871+0100","flow_id":2250684184206440,"event_type":"drop","src_ip":"192.168.1.2","src_port":52290,"dest_ip":"95.101.114.81","dest_port":80,"proto":"TCP","drop":{"len":491,"tos":0,"ttl":64,"ipid":25126,"tcpseq":483753583,"tcpack":1372028332,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:41.808455+0100","flow_id":2054378409030478,"event_type":"drop","src_ip":"192.168.1.2","src_port":46836,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":42267,"tcpseq":760986645,"tcpack":3151989926,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:41.808458+0100","flow_id":1532200580150102,"event_type":"drop","src_ip":"192.168.1.2","src_port":52296,"dest_ip":"95.101.114.81","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":35591,"tcpseq":778278409,"tcpack":1950916440,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:42.112267+0100","flow_id":2250684184206440,"event_type":"alert","src_ip":"95.101.114.81","src_port":80,"dest_ip":"192.168.1.2","dest_port":52290,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:19:42.112281+0100","flow_id":2250684184206440,"event_type":"alert","src_ip":"95.101.114.81","src_port":80,"dest_ip":"192.168.1.2","dest_port":52290,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:19:42.356204+0100","flow_id":726378816106139,"event_type":"alert","src_ip":"192.168.1.2","src_port":34056,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.106","url":"\/data\/0458a32f12499f8c\/au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_engine_794c3bd7d914dae629a6044ad622276347f503d3.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.2","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T04:19:42.356204+0100","flow_id":726378816106139,"event_type":"drop","src_ip":"192.168.1.2","src_port":34056,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":534,"tos":0,"ttl":64,"ipid":61796,"tcpseq":783667973,"tcpack":2686186345,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:42.381089+0100","flow_id":1638698589278028,"event_type":"alert","src_ip":"192.168.1.2","src_port":59430,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.114","url":"\/data\/0058892fa249838c\/au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_engine_794c3bd7d914dae629a6044ad622276347f503d3.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.2","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T04:19:42.381089+0100","flow_id":1638698589278028,"event_type":"drop","src_ip":"192.168.1.2","src_port":59430,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":534,"tos":0,"ttl":64,"ipid":62857,"tcpseq":2179782649,"tcpack":4283345149,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:42.409558+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":469,"tos":0,"ttl":64,"ipid":48525,"tcpseq":3802571624,"tcpack":511017014,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:42.563785+0100","flow_id":726378816106139,"event_type":"drop","src_ip":"192.168.1.2","src_port":34056,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":534,"tos":0,"ttl":64,"ipid":61797,"tcpseq":783667973,"tcpack":2686186345,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T04:19:42.588719+0100","flow_id":1638698589278028,"event_type":"drop","src_ip":"192.168.1.2","src_port":59430,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":534,"tos":0,"ttl":64,"ipid":62858,"tcpseq":2179782649,"tcpack":4283345149,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T04:19:42.673579+0100","flow_id":755460039656961,"event_type":"drop","src_ip":"192.168.1.2","src_port":44264,"dest_ip":"2.20.251.10","dest_port":80,"proto":"TCP","drop":{"len":485,"tos":0,"ttl":64,"ipid":44726,"tcpseq":439848216,"tcpack":2694590225,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:43.391018+0100","flow_id":2250684184206440,"event_type":"drop","src_ip":"192.168.1.2","src_port":52290,"dest_ip":"95.101.114.81","dest_port":80,"proto":"TCP","drop":{"len":468,"tos":0,"ttl":64,"ipid":25319,"tcpseq":483754022,"tcpack":1372574171,"tcpwin":3849,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:43.402030+0100","flow_id":938240962928948,"event_type":"drop","src_ip":"192.168.1.2","src_port":46858,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":468,"tos":0,"ttl":64,"ipid":42046,"tcpseq":702513736,"tcpack":3399137737,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:43.609958+0100","flow_id":2250684184206440,"event_type":"drop","src_ip":"192.168.1.2","src_port":52290,"dest_ip":"95.101.114.81","dest_port":80,"proto":"TCP","drop":{"len":499,"tos":0,"ttl":64,"ipid":25322,"tcpseq":483754438,"tcpack":1372574522,"tcpwin":3849,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:43.622677+0100","flow_id":938240962928948,"event_type":"drop","src_ip":"192.168.1.2","src_port":46858,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":499,"tos":0,"ttl":64,"ipid":42049,"tcpseq":702514152,"tcpack":3399138088,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:44.167671+0100","flow_id":357419650682461,"event_type":"alert","src_ip":"192.168.1.2","src_port":34070,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.106","url":"\/data\/04581a2f8350c3a4\/au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_base_ce3e08a7114490a68adbd0dd9c7ecbdd821706ff.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.2","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T04:19:44.167671+0100","flow_id":357419650682461,"event_type":"drop","src_ip":"192.168.1.2","src_port":34070,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":535,"tos":0,"ttl":64,"ipid":63928,"tcpseq":51368141,"tcpack":3839762289,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:44.362924+0100","flow_id":1957808217032892,"event_type":"alert","src_ip":"192.168.1.2","src_port":59446,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.114","url":"\/data\/0058982f14506696\/au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_base_ce3e08a7114490a68adbd0dd9c7ecbdd821706ff.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.2","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T04:19:44.362924+0100","flow_id":1957808217032892,"event_type":"drop","src_ip":"192.168.1.2","src_port":59446,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":535,"tos":0,"ttl":64,"ipid":12479,"tcpseq":1754143361,"tcpack":1158341184,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:44.374695+0100","flow_id":357419650682461,"event_type":"drop","src_ip":"192.168.1.2","src_port":34070,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":535,"tos":0,"ttl":64,"ipid":63929,"tcpseq":51368141,"tcpack":3839762289,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T04:19:44.400496+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":469,"tos":0,"ttl":64,"ipid":48528,"tcpseq":3802572041,"tcpack":511017362,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:44.408341+0100","flow_id":2041081190431238,"event_type":"drop","src_ip":"192.168.1.2","src_port":52326,"dest_ip":"95.101.114.81","dest_port":80,"proto":"TCP","drop":{"len":469,"tos":0,"ttl":64,"ipid":3754,"tcpseq":3508085955,"tcpack":966737732,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:44.630303+0100","flow_id":2041081190431238,"event_type":"drop","src_ip":"192.168.1.2","src_port":52326,"dest_ip":"95.101.114.81","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":3757,"tcpseq":3508086372,"tcpack":966738079,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:44.570719+0100","flow_id":1957808217032892,"event_type":"drop","src_ip":"192.168.1.2","src_port":59446,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":535,"tos":0,"ttl":64,"ipid":12480,"tcpseq":1754143361,"tcpack":1158341184,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T04:19:45.425609+0100","flow_id":1294907932245522,"event_type":"alert","src_ip":"192.168.1.2","src_port":34082,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.106","url":"\/data\/0058f92fd8547792\/au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_delta_b4a5f0f8cf6ea28fcf50f8476dc0f719d1c538a3.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.2","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T04:19:45.425609+0100","flow_id":1294907932245522,"event_type":"drop","src_ip":"192.168.1.2","src_port":34082,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":534,"tos":0,"ttl":64,"ipid":63631,"tcpseq":3683047146,"tcpack":905064611,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:45.632716+0100","flow_id":1294907932245522,"event_type":"drop","src_ip":"192.168.1.2","src_port":34082,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":534,"tos":0,"ttl":64,"ipid":63632,"tcpseq":3683047146,"tcpack":905064611,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T04:19:49.471299+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":48530,"tcpseq":3802572458,"tcpack":511017709,"tcpwin":245,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:52.779745+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":48952,"tcpseq":3802572904,"tcpack":512066691,"tcpwin":2162,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:57.828069+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":49389,"tcpseq":3802573350,"tcpack":513115673,"tcpwin":4142,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:19:59.837166+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":49764,"tcpseq":3802573796,"tcpack":514164655,"tcpwin":4488,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:20:03.746848+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":492,"tos":0,"ttl":64,"ipid":49789,"tcpseq":3802574242,"tcpack":514204243,"tcpwin":4488,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:20:05.785741+0100","flow_id":1104509884243081,"event_type":"alert","src_ip":"95.101.114.82","src_port":80,"dest_ip":"192.168.1.2","dest_port":46830,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:20:05.785753+0100","flow_id":1104509884243081,"event_type":"alert","src_ip":"95.101.114.82","src_port":80,"dest_ip":"192.168.1.2","dest_port":46830,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:20:06.051058+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":50156,"tcpseq":3802574682,"tcpack":515253219,"tcpwin":4488,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:20:10.281235+0100","flow_id":1104509884243081,"event_type":"drop","src_ip":"192.168.1.2","src_port":46830,"dest_ip":"95.101.114.82","dest_port":80,"proto":"TCP","drop":{"len":498,"tos":0,"ttl":64,"ipid":50646,"tcpseq":3802575128,"tcpack":516302201,"tcpwin":4488,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:26:20.937696+0100","flow_id":1346651530402766,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64776,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2012252,"rev":3,"signature":"ET SHELLCODE Common 0a0a0a0a Heap Spray String","category":"Executable code was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:29:22.227082+0100","flow_id":1346651530402766,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64776,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:37:27.493810+0100","flow_id":657818322815694,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"141.105.69.190","dest_port":60000,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:37:37.701815+0100","flow_id":657818322815694,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"141.105.69.190","dest_port":60000,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:38:38.000353+0100","flow_id":657818322815694,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"141.105.69.190","dest_port":60000,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:38:38.000354+0100","flow_id":657818322815694,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"141.105.69.190","dest_port":60000,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:40:59.696642+0100","flow_id":1931001262202081,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64807,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:40:59.790586+0100","flow_id":1931001262202081,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64807,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:40:59.791127+0100","flow_id":1931001262202081,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64807,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:40:59.870489+0100","flow_id":1376613326072846,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64809,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:40:59.963016+0100","flow_id":1376613326072846,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64809,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:40:59.963117+0100","flow_id":1376613326072846,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64809,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:42:00.000406+0100","flow_id":1376613326072846,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64809,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:42:00.000375+0100","flow_id":1931001262202081,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64807,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:42:00.000406+0100","flow_id":1376613326072846,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64809,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:42:00.000375+0100","flow_id":1931001262202081,"event_type":"alert","src_ip":"192.168.8.4","src_port":3389,"dest_ip":"62.173.142.74","dest_port":64807,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T04:43:14.650217+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":23494,"tcpseq":327460742,"tcpack":1562339655,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:14.701885+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":23496,"tcpseq":327460994,"tcpack":1562340200,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:14.743399+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:14.743446+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:14.890396+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":23556,"tcpseq":327461297,"tcpack":1562622617,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:14.943601+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":23558,"tcpseq":327461567,"tcpack":1562623162,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:14.988594+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:14.988637+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:15.216922+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":23952,"tcpseq":327461888,"tcpack":1564164587,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:15.269222+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":367,"tos":2,"ttl":127,"ipid":23954,"tcpseq":327462140,"tcpack":1564165132,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:15.314861+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:15.315045+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:16.290380+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":373,"tos":2,"ttl":127,"ipid":25532,"tcpseq":327462467,"tcpack":1570969507,"tcpwin":8233,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:16.670904+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":25612,"tcpseq":327462800,"tcpack":1571256781,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:16.720324+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":25614,"tcpseq":327463052,"tcpack":1571257325,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:16.766651+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:16.766698+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:16.794612+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":25676,"tcpseq":327463355,"tcpack":1571587869,"tcpwin":8231,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:16.843040+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":25678,"tcpseq":327463625,"tcpack":1571588414,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:16.897053+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:16.897518+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:17.030864+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":25952,"tcpseq":327463946,"tcpack":1572937839,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:17.085371+0100","flow_id":1025918517388304,"event_type":"drop","src_ip":"192.168.8.4","src_port":64788,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":25954,"tcpseq":327464216,"tcpack":1572938384,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:43:17.130414+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:43:17.130461+0100","flow_id":1025918517388304,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64788,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:50:11.371989+0100","flow_id":857768421238544,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64791,"proto":"TCP","drop":{"len":1492,"tos":2,"ttl":117,"ipid":15918,"tcpseq":299120094,"tcpack":2944973403,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:50:11.877893+0100","flow_id":857768421238544,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64791,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":16029,"tcpseq":299120094,"tcpack":2944973403,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:50:12.311031+0100","flow_id":857768421238544,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64791,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":16030,"tcpseq":299120094,"tcpack":2944973403,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:50:13.159643+0100","flow_id":857768421238544,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64791,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":16039,"tcpseq":299120094,"tcpack":2944973403,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:50:14.855284+0100","flow_id":857768421238544,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64791,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":16353,"tcpseq":299120094,"tcpack":2944973403,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:50:18.246960+0100","flow_id":857768421238544,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64791,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":17099,"tcpseq":299120094,"tcpack":2944973403,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:50:25.031682+0100","flow_id":857768421238544,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64791,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":18560,"tcpseq":299120094,"tcpack":2944973403,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:27.877678+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":20863,"tcpseq":221892231,"tcpack":753792053,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:27.975180+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":384,"tos":2,"ttl":127,"ipid":20866,"tcpseq":221892501,"tcpack":753792599,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:28.023978+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:28.024029+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:29.006842+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":390,"tos":2,"ttl":127,"ipid":20983,"tcpseq":221892845,"tcpack":754285637,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:29.892990+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":21158,"tcpseq":221893195,"tcpack":755130903,"tcpwin":8229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:29.948596+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":21160,"tcpseq":221893465,"tcpack":755131447,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:29.998976+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:29.999024+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:30.568635+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":21580,"tcpseq":221893786,"tcpack":756712295,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:30.620758+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":21582,"tcpseq":221894056,"tcpack":756712841,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:30.672671+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:30.672719+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:30.846794+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":21817,"tcpseq":221894377,"tcpack":757850811,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:31.517599+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":21820,"tcpseq":221894647,"tcpack":757851356,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:31.571172+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:31.571221+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:31.657630+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":22088,"tcpseq":221894968,"tcpack":758981645,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:31.714474+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":22090,"tcpseq":221895238,"tcpack":758982191,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:31.766418+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:31.766466+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:31.832400+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":22340,"tcpseq":221895559,"tcpack":760001377,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:31.888743+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":22342,"tcpseq":221895829,"tcpack":760001923,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:31.939227+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:31.939274+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:32.035503+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":22702,"tcpseq":221896150,"tcpack":761537717,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:32.089885+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":22704,"tcpseq":221896420,"tcpack":761538262,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:32.141475+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:32.141523+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:32.547760+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":22948,"tcpseq":221896741,"tcpack":762681343,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:32.602272+0100","flow_id":2191102383177814,"event_type":"drop","src_ip":"192.168.8.4","src_port":64794,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":22950,"tcpseq":221897011,"tcpack":762681889,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T04:53:32.654423+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:53:32.654472+0100","flow_id":2191102383177814,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64794,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:03.271249+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":370,"tos":0,"ttl":64,"ipid":54555,"tcpseq":3357755627,"tcpack":1214589923,"tcpwin":245,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:03.496373+0100","flow_id":1625212527012325,"event_type":"drop","src_ip":"192.168.1.2","src_port":39518,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":384,"tos":0,"ttl":64,"ipid":58490,"tcpseq":3813897041,"tcpack":4059023073,"tcpwin":245,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:04.138255+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":420,"tos":0,"ttl":64,"ipid":1449,"tcpseq":624202251,"tcpack":2003621440,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:05.140714+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54560,"tcpseq":3357756245,"tcpack":1214590502,"tcpwin":262,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:05.364758+0100","flow_id":2203783276656085,"event_type":"drop","src_ip":"192.168.1.2","src_port":39522,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":20562,"tcpseq":2299710864,"tcpack":2678201651,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:05.589598+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1452,"tcpseq":624202619,"tcpack":2003622448,"tcpwin":244,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:06.798873+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54565,"tcpseq":3357756874,"tcpack":1214591082,"tcpwin":279,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:07.023669+0100","flow_id":725887177653770,"event_type":"drop","src_ip":"192.168.1.2","src_port":39524,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":60798,"tcpseq":2543341865,"tcpack":3429222813,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:07.705227+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":20952,"tcpseq":2352542731,"tcpack":3178752204,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:08.836384+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":370,"tos":0,"ttl":64,"ipid":54568,"tcpseq":3357757203,"tcpack":1214591372,"tcpwin":287,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:09.277035+0100","flow_id":1650026700945602,"event_type":"drop","src_ip":"192.168.1.2","src_port":39528,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":384,"tos":0,"ttl":64,"ipid":2964,"tcpseq":2602215389,"tcpack":2515496216,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:09.576539+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":420,"tos":0,"ttl":64,"ipid":1462,"tcpseq":624202998,"tcpack":2003633595,"tcpwin":424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:10.599276+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54571,"tcpseq":3357757521,"tcpack":1214591661,"tcpwin":296,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:10.831294+0100","flow_id":568931893030397,"event_type":"drop","src_ip":"192.168.1.2","src_port":39530,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":59797,"tcpseq":544693235,"tcpack":545974182,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:11.400620+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1465,"tcpseq":624203366,"tcpack":2003634603,"tcpwin":447,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:13.001247+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":373,"tos":0,"ttl":64,"ipid":54574,"tcpseq":3357757850,"tcpack":1214591951,"tcpwin":304,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:13.442061+0100","flow_id":1778671709175185,"event_type":"drop","src_ip":"192.168.1.2","src_port":39532,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":387,"tos":0,"ttl":64,"ipid":19550,"tcpseq":200667344,"tcpack":711518885,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:13.831178+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":423,"tos":0,"ttl":64,"ipid":20963,"tcpseq":2352543110,"tcpack":3178763351,"tcpwin":409,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:14.379638+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54577,"tcpseq":3357758171,"tcpack":1214592240,"tcpwin":312,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:14.628227+0100","flow_id":407748213118151,"event_type":"drop","src_ip":"192.168.1.2","src_port":39534,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":15252,"tcpseq":834534056,"tcpack":3664620505,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:14.884078+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1496,"tcpseq":624203745,"tcpack":2003676345,"tcpwin":1099,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:15.417393+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":374,"tos":0,"ttl":64,"ipid":54580,"tcpseq":3357758500,"tcpack":1214592530,"tcpwin":321,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:15.902270+0100","flow_id":1169037608822779,"event_type":"drop","src_ip":"192.168.1.2","src_port":39538,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":388,"tos":0,"ttl":64,"ipid":55076,"tcpseq":2035159339,"tcpack":1701307969,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:16.423156+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":424,"tos":0,"ttl":64,"ipid":20967,"tcpseq":2352543481,"tcpack":3178764907,"tcpwin":431,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:17.487587+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54583,"tcpseq":3357758822,"tcpack":1214592819,"tcpwin":329,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:17.719956+0100","flow_id":1358175083821864,"event_type":"drop","src_ip":"192.168.1.2","src_port":39540,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":63050,"tcpseq":2380217091,"tcpack":3175576279,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:17.997991+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1500,"tcpseq":624204124,"tcpack":2003678905,"tcpwin":1144,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:19.533128+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":374,"tos":0,"ttl":64,"ipid":54586,"tcpseq":3357759151,"tcpack":1214593109,"tcpwin":337,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:19.978268+0100","flow_id":963684485295129,"event_type":"drop","src_ip":"192.168.1.2","src_port":39542,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":388,"tos":0,"ttl":64,"ipid":56012,"tcpseq":2485718231,"tcpack":329202651,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:20.508182+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":424,"tos":0,"ttl":64,"ipid":20970,"tcpseq":2352543853,"tcpack":3178765818,"tcpwin":454,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:21.601473+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54589,"tcpseq":3357759473,"tcpack":1214593398,"tcpwin":346,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:21.833667+0100","flow_id":2181125177718685,"event_type":"drop","src_ip":"192.168.1.2","src_port":39544,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":41888,"tcpseq":2281012931,"tcpack":2925530715,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:22.151121+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1506,"tcpseq":624204503,"tcpack":2003683550,"tcpwin":1234,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:23.605855+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":374,"tos":0,"ttl":64,"ipid":54592,"tcpseq":3357759802,"tcpack":1214593688,"tcpwin":354,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:24.048245+0100","flow_id":1731100652125040,"event_type":"drop","src_ip":"192.168.1.2","src_port":39550,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":388,"tos":0,"ttl":64,"ipid":13880,"tcpseq":2894385205,"tcpack":2226703578,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:24.631835+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":424,"tos":0,"ttl":64,"ipid":1523,"tcpseq":624204882,"tcpack":2003704941,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:26.640214+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54595,"tcpseq":3357760124,"tcpack":1214593977,"tcpwin":363,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:26.872232+0100","flow_id":1641288591101431,"event_type":"drop","src_ip":"192.168.1.2","src_port":39552,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":19731,"tcpseq":2113649692,"tcpack":4274838275,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:27.303364+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1526,"tcpseq":624205254,"tcpack":2003705883,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:28.723558+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":374,"tos":0,"ttl":64,"ipid":54598,"tcpseq":3357760453,"tcpack":1214594267,"tcpwin":371,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:29.771967+0100","flow_id":1774275811182895,"event_type":"drop","src_ip":"192.168.1.2","src_port":39554,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":388,"tos":0,"ttl":64,"ipid":9760,"tcpseq":1315298335,"tcpack":2965012545,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:31.184267+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":424,"tos":0,"ttl":64,"ipid":20976,"tcpseq":2352544225,"tcpack":3178770195,"tcpwin":521,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:32.505592+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54601,"tcpseq":3357760775,"tcpack":1214594556,"tcpwin":379,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:33.274814+0100","flow_id":471497982172,"event_type":"drop","src_ip":"192.168.1.2","src_port":39558,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":21247,"tcpseq":632116495,"tcpack":3672779950,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:34.609732+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":20979,"tcpseq":2352544597,"tcpack":3178771061,"tcpwin":544,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:35.691012+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":376,"tos":0,"ttl":64,"ipid":54604,"tcpseq":3357761104,"tcpack":1214594846,"tcpwin":388,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:36.131531+0100","flow_id":2164151467901134,"event_type":"drop","src_ip":"192.168.1.2","src_port":39560,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":390,"tos":0,"ttl":64,"ipid":16467,"tcpseq":1657165157,"tcpack":3803186811,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:36.411642+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":426,"tos":0,"ttl":64,"ipid":1537,"tcpseq":624205633,"tcpack":2003717841,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:38.747658+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54607,"tcpseq":3357761428,"tcpack":1214595135,"tcpwin":396,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:38.978540+0100","flow_id":1070412276362534,"event_type":"drop","src_ip":"192.168.1.2","src_port":39564,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":39496,"tcpseq":1172683283,"tcpack":628668963,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:39.542955+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":21016,"tcpseq":2352544976,"tcpack":3178821078,"tcpwin":1331,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:41.871265+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":374,"tos":0,"ttl":64,"ipid":54610,"tcpseq":3357761757,"tcpack":1214595425,"tcpwin":404,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:42.311524+0100","flow_id":878882505015209,"event_type":"drop","src_ip":"192.168.1.2","src_port":39566,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":388,"tos":0,"ttl":64,"ipid":58888,"tcpseq":2908932960,"tcpack":333492319,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:42.658131+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":424,"tos":0,"ttl":64,"ipid":21065,"tcpseq":2352545355,"tcpack":3178899766,"tcpwin":1847,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:43.886853+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54613,"tcpseq":3357762079,"tcpack":1214595714,"tcpwin":413,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:44.680747+0100","flow_id":240611710258139,"event_type":"drop","src_ip":"192.168.1.2","src_port":39568,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":30454,"tcpseq":1818182301,"tcpack":445922969,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:45.934666+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1540,"tcpseq":624206007,"tcpack":2003718755,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:46.965080+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":375,"tos":0,"ttl":64,"ipid":54616,"tcpseq":3357762408,"tcpack":1214596004,"tcpwin":421,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:47.781562+0100","flow_id":123041275653857,"event_type":"drop","src_ip":"192.168.1.2","src_port":39570,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":389,"tos":0,"ttl":64,"ipid":22614,"tcpseq":2015238421,"tcpack":369608435,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:48.979072+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":425,"tos":0,"ttl":64,"ipid":21068,"tcpseq":2352545727,"tcpack":3178900866,"tcpwin":1847,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:51.060715+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54619,"tcpseq":3357762731,"tcpack":1214596293,"tcpwin":430,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:51.291679+0100","flow_id":1763093865263793,"event_type":"drop","src_ip":"192.168.1.2","src_port":39574,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":27953,"tcpseq":3073129794,"tcpack":2395080551,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:52.374150+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":21072,"tcpseq":2352546100,"tcpack":3178903243,"tcpwin":1847,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:53.455076+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54622,"tcpseq":3357763060,"tcpack":1214596583,"tcpwin":438,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:54.538991+0100","flow_id":2046069933188914,"event_type":"drop","src_ip":"192.168.1.2","src_port":39576,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":43892,"tcpseq":3700748780,"tcpack":2586470619,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:56.652013+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1561,"tcpseq":624206386,"tcpack":2003748896,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:58.767927+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54625,"tcpseq":3357763389,"tcpack":1214596873,"tcpwin":446,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:54:59.706870+0100","flow_id":1977470715887834,"event_type":"drop","src_ip":"192.168.1.2","src_port":39578,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":38000,"tcpseq":1931016933,"tcpack":2462923106,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:01.998746+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":21106,"tcpseq":2352546479,"tcpack":3178971104,"tcpwin":1847,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:07.288663+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54628,"tcpseq":3357763718,"tcpack":1214597163,"tcpwin":455,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:07.772080+0100","flow_id":167367486981816,"event_type":"drop","src_ip":"192.168.1.2","src_port":39580,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":25620,"tcpseq":1392571613,"tcpack":2390599409,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:08.114944+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1601,"tcpseq":624206765,"tcpack":2003823202,"tcpwin":1604,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:09.250980+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54631,"tcpseq":3357764047,"tcpack":1214597453,"tcpwin":463,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:09.481683+0100","flow_id":656199189878991,"event_type":"drop","src_ip":"192.168.1.2","src_port":39582,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":41994,"tcpseq":2232759157,"tcpack":2847244590,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:10.267896+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1653,"tcpseq":624207144,"tcpack":2003897416,"tcpwin":2297,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:12.358734+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":381,"tos":0,"ttl":64,"ipid":54634,"tcpseq":3357764376,"tcpack":1214597743,"tcpwin":471,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:12.799740+0100","flow_id":1856779988251473,"event_type":"drop","src_ip":"192.168.1.2","src_port":39584,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":395,"tos":0,"ttl":64,"ipid":3780,"tcpseq":2706549428,"tcpack":4262000760,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:13.357342+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":64,"ipid":1676,"tcpseq":624207523,"tcpack":2003933787,"tcpwin":2297,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:14.429727+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":383,"tos":0,"ttl":64,"ipid":54637,"tcpseq":3357764705,"tcpack":1214598033,"tcpwin":480,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:15.416466+0100","flow_id":1823925636044592,"event_type":"drop","src_ip":"192.168.1.2","src_port":39586,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":397,"tos":0,"ttl":64,"ipid":58918,"tcpseq":1223708052,"tcpack":3468591474,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:17.448136+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":433,"tos":0,"ttl":64,"ipid":21198,"tcpseq":2352546858,"tcpack":3179173387,"tcpwin":1847,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:26.130923+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":383,"tos":0,"ttl":64,"ipid":54640,"tcpseq":3357765036,"tcpack":1214598323,"tcpwin":488,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:26.821644+0100","flow_id":896367319757779,"event_type":"drop","src_ip":"192.168.1.2","src_port":39592,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":397,"tos":0,"ttl":64,"ipid":52413,"tcpseq":1935349383,"tcpack":673636520,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:27.423991+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":433,"tos":0,"ttl":64,"ipid":1704,"tcpseq":624207902,"tcpack":2003985366,"tcpwin":2297,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:31.551744+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":383,"tos":0,"ttl":64,"ipid":54643,"tcpseq":3357765367,"tcpack":1214598613,"tcpwin":497,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:31.973070+0100","flow_id":1278181322781421,"event_type":"drop","src_ip":"192.168.1.2","src_port":39596,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":397,"tos":0,"ttl":64,"ipid":43686,"tcpseq":2138522686,"tcpack":112482450,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:32.506750+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":433,"tos":0,"ttl":64,"ipid":2346,"tcpseq":624208283,"tcpack":2005486913,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:35.652289+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":383,"tos":0,"ttl":64,"ipid":54646,"tcpseq":3357765698,"tcpack":1214598903,"tcpwin":505,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:36.091583+0100","flow_id":1886937102705846,"event_type":"drop","src_ip":"192.168.1.2","src_port":39598,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":397,"tos":0,"ttl":64,"ipid":29653,"tcpseq":945786046,"tcpack":1374108580,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:36.485759+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":433,"tos":0,"ttl":64,"ipid":3079,"tcpseq":624208664,"tcpack":2007531875,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:45.812057+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54649,"tcpseq":3357766029,"tcpack":1214599193,"tcpwin":513,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:46.040342+0100","flow_id":1007310621285487,"event_type":"drop","src_ip":"192.168.1.2","src_port":39612,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":49248,"tcpseq":2137646613,"tcpack":1347805155,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:46.450093+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24207,"tcpseq":2352547239,"tcpack":3188000651,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:48.865119+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54652,"tcpseq":3357766362,"tcpack":1214599483,"tcpwin":522,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:49.543834+0100","flow_id":1701845487965294,"event_type":"drop","src_ip":"192.168.1.2","src_port":39614,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":45248,"tcpseq":3436413866,"tcpack":3804719019,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:50.853833+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4348,"tcpseq":624209045,"tcpack":2011027238,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:51.870388+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54655,"tcpseq":3357766690,"tcpack":1214599772,"tcpwin":530,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:52.102032+0100","flow_id":639423050452434,"event_type":"drop","src_ip":"192.168.1.2","src_port":39618,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":40552,"tcpseq":4201620383,"tcpack":1565788796,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:52.563316+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4356,"tcpseq":624209423,"tcpack":2011034538,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:53.990140+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54658,"tcpseq":3357767023,"tcpack":1214600062,"tcpwin":538,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:54.430249+0100","flow_id":786499910668160,"event_type":"drop","src_ip":"192.168.1.2","src_port":39620,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":379,"tcpseq":3403630199,"tcpack":1542536630,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:54.966300+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4391,"tcpseq":624209806,"tcpack":2011105584,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:56.017440+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54661,"tcpseq":3357767351,"tcpack":1214600351,"tcpwin":547,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:56.249243+0100","flow_id":182442825403415,"event_type":"drop","src_ip":"192.168.1.2","src_port":39622,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":24787,"tcpseq":2068459259,"tcpack":14208027,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:57.184977+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24234,"tcpseq":2352547622,"tcpack":3188049385,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:58.300539+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54664,"tcpseq":3357767684,"tcpack":1214600641,"tcpwin":555,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:58.739644+0100","flow_id":433382732220479,"event_type":"drop","src_ip":"192.168.1.2","src_port":39626,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":59378,"tcpseq":3695816727,"tcpack":2499396507,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:55:59.123213+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4400,"tcpseq":624210184,"tcpack":2011112812,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:00.744313+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54667,"tcpseq":3357768012,"tcpack":1214600930,"tcpwin":564,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:01.170295+0100","flow_id":1701604970521329,"event_type":"drop","src_ip":"192.168.1.2","src_port":39628,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":64816,"tcpseq":2103745933,"tcpack":2631913835,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:01.688056+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4425,"tcpseq":624210562,"tcpack":2011155471,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:02.688577+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54670,"tcpseq":3357768345,"tcpack":1214601220,"tcpwin":572,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:03.212913+0100","flow_id":1831450421977749,"event_type":"drop","src_ip":"192.168.1.2","src_port":39630,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":1031,"tcpseq":126709028,"tcpack":1215435084,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:03.685595+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":24264,"tcpseq":2352548005,"tcpack":3188103835,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:05.827868+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54673,"tcpseq":3357768673,"tcpack":1214601509,"tcpwin":580,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:06.063772+0100","flow_id":1373510271694929,"event_type":"drop","src_ip":"192.168.1.2","src_port":39632,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":41886,"tcpseq":3579762463,"tcpack":1028629087,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:06.306162+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24270,"tcpseq":2352548383,"tcpack":3188108956,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:07.868008+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54676,"tcpseq":3357769006,"tcpack":1214601799,"tcpwin":589,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:08.365661+0100","flow_id":380591142376390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39634,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":39337,"tcpseq":2220811488,"tcpack":3751331603,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:08.769333+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":24317,"tcpseq":2352548766,"tcpack":3188212866,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:10.866956+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54679,"tcpseq":3357769334,"tcpack":1214602088,"tcpwin":597,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:11.100805+0100","flow_id":1393576359201027,"event_type":"drop","src_ip":"192.168.1.2","src_port":39636,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":5153,"tcpseq":2228853809,"tcpack":2675277383,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:11.428097+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4445,"tcpseq":624210945,"tcpack":2011182912,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:12.954976+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54682,"tcpseq":3357769667,"tcpack":1214602378,"tcpwin":605,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:13.400732+0100","flow_id":961872016514266,"event_type":"drop","src_ip":"192.168.1.2","src_port":39638,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":56285,"tcpseq":2541439729,"tcpack":368525478,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:13.921276+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4524,"tcpseq":624211328,"tcpack":2011379600,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:14.950585+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54685,"tcpseq":3357769995,"tcpack":1214602667,"tcpwin":614,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:15.182350+0100","flow_id":674003981158183,"event_type":"drop","src_ip":"192.168.1.2","src_port":39640,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":52630,"tcpseq":128931254,"tcpack":4044684977,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:15.545907+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4529,"tcpseq":624211706,"tcpack":2011383186,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:17.060345+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54688,"tcpseq":3357770328,"tcpack":1214602957,"tcpwin":622,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:17.504232+0100","flow_id":108771252744447,"event_type":"drop","src_ip":"192.168.1.2","src_port":39642,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":57748,"tcpseq":2346991777,"tcpack":549996551,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:18.036206+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4609,"tcpseq":624212089,"tcpack":2011584603,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:19.047439+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54691,"tcpseq":3357770656,"tcpack":1214603246,"tcpwin":631,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:19.649790+0100","flow_id":266802427020093,"event_type":"drop","src_ip":"192.168.1.2","src_port":39644,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":46346,"tcpseq":39394603,"tcpack":3638142151,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:20.763045+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4616,"tcpseq":624212467,"tcpack":2011591036,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:22.395626+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54694,"tcpseq":3357770989,"tcpack":1214603536,"tcpwin":639,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:22.834538+0100","flow_id":48770559949638,"event_type":"drop","src_ip":"192.168.1.2","src_port":39650,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":50254,"tcpseq":4284379721,"tcpack":2003743121,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:23.096539+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4649,"tcpseq":624212850,"tcpack":2011640261,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:24.429858+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54697,"tcpseq":3357771317,"tcpack":1214603825,"tcpwin":647,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:24.658699+0100","flow_id":1187553221282944,"event_type":"drop","src_ip":"192.168.1.2","src_port":39658,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":32479,"tcpseq":1150862329,"tcpack":4017798253,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:25.157637+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24330,"tcpseq":2352549144,"tcpack":3188227889,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:26.518496+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54700,"tcpseq":3357771650,"tcpack":1214604115,"tcpwin":656,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:27.195306+0100","flow_id":446220391327087,"event_type":"drop","src_ip":"192.168.1.2","src_port":39660,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":45415,"tcpseq":896890696,"tcpack":468535328,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:28.512612+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4658,"tcpseq":624213228,"tcpack":2011650066,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:30.601243+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54703,"tcpseq":3357771978,"tcpack":1214604404,"tcpwin":664,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:30.832588+0100","flow_id":1358490772616025,"event_type":"drop","src_ip":"192.168.1.2","src_port":39662,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":37531,"tcpseq":1517176795,"tcpack":408654585,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:31.300633+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4663,"tcpseq":624213606,"tcpack":2011653363,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:32.714839+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54706,"tcpseq":3357772311,"tcpack":1214604694,"tcpwin":672,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:33.157612+0100","flow_id":754148072056513,"event_type":"drop","src_ip":"192.168.1.2","src_port":39664,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":46507,"tcpseq":2460052479,"tcpack":2490995117,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:33.624449+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4735,"tcpseq":624213989,"tcpack":2011830609,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:35.692669+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54709,"tcpseq":3357772639,"tcpack":1214604983,"tcpwin":681,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:35.923210+0100","flow_id":1169679715603713,"event_type":"drop","src_ip":"192.168.1.2","src_port":39666,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":20265,"tcpseq":1762502147,"tcpack":353105606,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:36.447188+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24383,"tcpseq":2352549527,"tcpack":3188350411,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:38.770580+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54712,"tcpseq":3357772972,"tcpack":1214605273,"tcpwin":689,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:39.210629+0100","flow_id":2125857547564548,"event_type":"drop","src_ip":"192.168.1.2","src_port":39668,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":51458,"tcpseq":84753661,"tcpack":313052491,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:39.535856+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":24402,"tcpseq":2352549910,"tcpack":3188374803,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:41.388554+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54715,"tcpseq":3357773300,"tcpack":1214605562,"tcpwin":698,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:41.618580+0100","flow_id":761518236462965,"event_type":"drop","src_ip":"192.168.1.2","src_port":39672,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":22232,"tcpseq":4259555764,"tcpack":3327242163,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:41.969292+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24408,"tcpseq":2352550288,"tcpack":3188379942,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:45.374576+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54718,"tcpseq":3357773633,"tcpack":1214605852,"tcpwin":706,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:45.813928+0100","flow_id":1185027781913173,"event_type":"drop","src_ip":"192.168.1.2","src_port":39676,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":59008,"tcpseq":4108511671,"tcpack":1482809606,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:46.145253+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":24454,"tcpseq":2352550671,"tcpack":3188483376,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:47.377866+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54721,"tcpseq":3357773961,"tcpack":1214606141,"tcpwin":714,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:48.187722+0100","flow_id":1096169203649897,"event_type":"drop","src_ip":"192.168.1.2","src_port":39678,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":6900,"tcpseq":2499415098,"tcpack":1169651492,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:49.411906+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4742,"tcpseq":624214367,"tcpack":2011836996,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:50.475741+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54724,"tcpseq":3357774294,"tcpack":1214606431,"tcpwin":723,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:51.277850+0100","flow_id":2118826686871945,"event_type":"drop","src_ip":"192.168.1.2","src_port":39680,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":16135,"tcpseq":4153023668,"tcpack":1505070471,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:52.470632+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4771,"tcpseq":624214750,"tcpack":2011891538,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:54.533309+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54727,"tcpseq":3357774622,"tcpack":1214606720,"tcpwin":731,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:54.764114+0100","flow_id":1136365803055068,"event_type":"drop","src_ip":"192.168.1.2","src_port":39682,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":23672,"tcpseq":3451940553,"tcpack":649292691,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:55.385804+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24462,"tcpseq":2352551049,"tcpack":3188490630,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:58.645459+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54730,"tcpseq":3357774955,"tcpack":1214607010,"tcpwin":739,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:56:59.492618+0100","flow_id":612220879454899,"event_type":"drop","src_ip":"192.168.1.2","src_port":39684,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":47135,"tcpseq":1031338881,"tcpack":4207496939,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:00.632273+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4778,"tcpseq":624215128,"tcpack":2011898723,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:01.704439+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54733,"tcpseq":3357775283,"tcpack":1214607299,"tcpwin":748,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:01.934614+0100","flow_id":884889025856008,"event_type":"drop","src_ip":"192.168.1.2","src_port":39686,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":12228,"tcpseq":728195332,"tcpack":1292959288,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:02.551524+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4806,"tcpseq":624215506,"tcpack":2011949467,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:04.770771+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54736,"tcpseq":3357775616,"tcpack":1214607589,"tcpwin":756,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:05.209196+0100","flow_id":936673446801441,"event_type":"drop","src_ip":"192.168.1.2","src_port":39688,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":7402,"tcpseq":2225817444,"tcpack":1049317357,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:05.643247+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":24497,"tcpseq":2352551432,"tcpack":3188561687,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:06.766221+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54739,"tcpseq":3357775944,"tcpack":1214607878,"tcpwin":765,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:06.997328+0100","flow_id":2130564833490567,"event_type":"drop","src_ip":"192.168.1.2","src_port":39690,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":37773,"tcpseq":3906072845,"tcpack":1388606988,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:07.910854+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24510,"tcpseq":2352551810,"tcpack":3188576933,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:10.909314+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54742,"tcpseq":3357776277,"tcpack":1214608168,"tcpwin":773,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:11.396565+0100","flow_id":786325969505244,"event_type":"drop","src_ip":"192.168.1.2","src_port":39694,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":24072,"tcpseq":2106666418,"tcpack":1798099040,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:11.937593+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4885,"tcpseq":624215889,"tcpack":2012145832,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:13.434966+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54745,"tcpseq":3357776605,"tcpack":1214608457,"tcpwin":781,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:13.666607+0100","flow_id":761095184263941,"event_type":"drop","src_ip":"192.168.1.2","src_port":39698,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":41668,"tcpseq":257744472,"tcpack":976807009,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:13.986744+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4890,"tcpseq":624216267,"tcpack":2012147485,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:16.526184+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54748,"tcpseq":3357776938,"tcpack":1214608747,"tcpwin":790,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:16.965432+0100","flow_id":912529288903181,"event_type":"drop","src_ip":"192.168.1.2","src_port":39700,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":43088,"tcpseq":1011360055,"tcpack":2809268833,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:17.495216+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":4943,"tcpseq":624216650,"tcpack":2012271176,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:18.512610+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54751,"tcpseq":3357777266,"tcpack":1214609036,"tcpwin":798,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:18.742900+0100","flow_id":776015900988684,"event_type":"drop","src_ip":"192.168.1.2","src_port":39702,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":53702,"tcpseq":1895776686,"tcpack":2811344714,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:19.135199+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":24530,"tcpseq":2352552193,"tcpack":3188604382,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:20.554028+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54754,"tcpseq":3357777594,"tcpack":1214609325,"tcpwin":806,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:21.185121+0100","flow_id":1997863229860699,"event_type":"drop","src_ip":"192.168.1.2","src_port":39706,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":23077,"tcpseq":2713764632,"tcpack":2718105233,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:21.697938+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":4950,"tcpseq":624217028,"tcpack":2012277600,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:53.328037+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54757,"tcpseq":3357777927,"tcpack":1214609615,"tcpwin":815,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:54.094521+0100","flow_id":752674903522193,"event_type":"drop","src_ip":"192.168.1.2","src_port":39718,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":22096,"tcpseq":3821882921,"tcpack":621618945,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:55.291140+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":24537,"tcpseq":2352552571,"tcpack":3188609557,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:58.345017+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54760,"tcpseq":3357778255,"tcpack":1214609904,"tcpwin":823,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:58.782669+0100","flow_id":1735923914436739,"event_type":"drop","src_ip":"192.168.1.2","src_port":39720,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":41040,"tcpseq":3531312288,"tcpack":2194041501,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:57:59.237333+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":24546,"tcpseq":2352552949,"tcpack":3188619329,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:19.979693+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54763,"tcpseq":3357778588,"tcpack":1214610194,"tcpwin":832,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:20.256520+0100","flow_id":1599154977302768,"event_type":"drop","src_ip":"192.168.1.2","src_port":39726,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":396,"tos":0,"ttl":64,"ipid":63534,"tcpseq":1688369312,"tcpack":4207186265,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:20.805590+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":432,"tos":0,"ttl":64,"ipid":9455,"tcpseq":624217411,"tcpack":2024487126,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:23.141176+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54766,"tcpseq":3357778918,"tcpack":1214610483,"tcpwin":840,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:23.580641+0100","flow_id":155762498198382,"event_type":"drop","src_ip":"192.168.1.2","src_port":39728,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":56111,"tcpseq":2849265283,"tcpack":3556042993,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:24.031427+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":27716,"tcpseq":2352553332,"tcpack":3197197625,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:27.204908+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54769,"tcpseq":3357779251,"tcpack":1214610773,"tcpwin":848,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:27.435662+0100","flow_id":1928531724707069,"event_type":"drop","src_ip":"192.168.1.2","src_port":39736,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":17257,"tcpseq":2979979226,"tcpack":3798624008,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:28.244721+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":9468,"tcpseq":624217791,"tcpack":2024502010,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:30.306044+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54772,"tcpseq":3357779579,"tcpack":1214611062,"tcpwin":857,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:30.746982+0100","flow_id":1330934270289073,"event_type":"drop","src_ip":"192.168.1.2","src_port":39738,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":10323,"tcpseq":2994569725,"tcpack":3001130692,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:31.301635+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":9473,"tcpseq":624218169,"tcpack":2024505270,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:32.315896+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54775,"tcpseq":3357779912,"tcpack":1214611352,"tcpwin":865,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:32.545499+0100","flow_id":1634281368080824,"event_type":"drop","src_ip":"192.168.1.2","src_port":39740,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":396,"tos":0,"ttl":64,"ipid":9578,"tcpseq":3118831068,"tcpack":1793360599,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:33.335891+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":432,"tos":0,"ttl":64,"ipid":9478,"tcpseq":624218552,"tcpack":2024508697,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:34.884804+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54778,"tcpseq":3357780242,"tcpack":1214611641,"tcpwin":873,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:35.325879+0100","flow_id":312223862618082,"event_type":"drop","src_ip":"192.168.1.2","src_port":39742,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":52409,"tcpseq":2274129704,"tcpack":2632543679,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:35.552998+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":9481,"tcpseq":624218932,"tcpack":2024509070,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:36.263601+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54781,"tcpseq":3357780575,"tcpack":1214611931,"tcpwin":882,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:36.494819+0100","flow_id":111831426042836,"event_type":"drop","src_ip":"192.168.1.2","src_port":39744,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":50439,"tcpseq":2259485989,"tcpack":1279335433,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:36.720785+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":9485,"tcpseq":624219315,"tcpack":2024511344,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:38.120487+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54784,"tcpseq":3357780903,"tcpack":1214612220,"tcpwin":890,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:38.575535+0100","flow_id":920928102827985,"event_type":"drop","src_ip":"192.168.1.2","src_port":39746,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":1701,"tcpseq":2288504475,"tcpack":183165730,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:38.812891+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":9492,"tcpseq":624219693,"tcpack":2024517704,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:39.421271+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54787,"tcpseq":3357781236,"tcpack":1214612510,"tcpwin":899,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:39.653882+0100","flow_id":534058923718928,"event_type":"drop","src_ip":"192.168.1.2","src_port":39748,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":8312,"tcpseq":1449782274,"tcpack":4120576613,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:39.879907+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":9497,"tcpseq":624220076,"tcpack":2024521180,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:41.155274+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54790,"tcpseq":3357781564,"tcpack":1214612799,"tcpwin":907,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:41.618793+0100","flow_id":1812554723717325,"event_type":"drop","src_ip":"192.168.1.2","src_port":39750,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":13020,"tcpseq":1403643587,"tcpack":949484661,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:41.876437+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":9501,"tcpseq":624220454,"tcpack":2024522799,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:42.390299+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54793,"tcpseq":3357781897,"tcpack":1214613089,"tcpwin":915,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:42.650800+0100","flow_id":1556787273854401,"event_type":"drop","src_ip":"192.168.1.2","src_port":39752,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":396,"tos":0,"ttl":64,"ipid":19286,"tcpseq":1716097868,"tcpack":1243798710,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:42.912180+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":432,"tos":0,"ttl":64,"ipid":9506,"tcpseq":624220837,"tcpack":2024526428,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:44.070844+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54796,"tcpseq":3357782227,"tcpack":1214613378,"tcpwin":924,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:44.529174+0100","flow_id":62989058446005,"event_type":"drop","src_ip":"192.168.1.2","src_port":39758,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":13852,"tcpseq":3955222888,"tcpack":1578316733,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:44.771601+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":9509,"tcpseq":624221217,"tcpack":2024526801,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:45.229461+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54799,"tcpseq":3357782560,"tcpack":1214613668,"tcpwin":932,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:45.483556+0100","flow_id":2250042240229336,"event_type":"drop","src_ip":"192.168.1.2","src_port":39762,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":30997,"tcpseq":1289722401,"tcpack":945156734,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:45.723935+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":9514,"tcpseq":624221600,"tcpack":2024529895,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:46.798518+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54802,"tcpseq":3357782888,"tcpack":1214613957,"tcpwin":940,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:47.276497+0100","flow_id":2077161216751413,"event_type":"drop","src_ip":"192.168.1.2","src_port":39764,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":7904,"tcpseq":2736911602,"tcpack":1020982685,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:47.542103+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":27720,"tcpseq":2352553715,"tcpack":3197199638,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:48.507146+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54805,"tcpseq":3357783221,"tcpack":1214614247,"tcpwin":949,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:48.757877+0100","flow_id":74450178969581,"event_type":"drop","src_ip":"192.168.1.2","src_port":39766,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":396,"tos":0,"ttl":64,"ipid":40495,"tcpseq":3239276078,"tcpack":1738170906,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:49.002724+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":432,"tos":0,"ttl":64,"ipid":27725,"tcpseq":2352554098,"tcpack":3197203250,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:51.500720+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54808,"tcpseq":3357783551,"tcpack":1214614536,"tcpwin":957,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:51.959491+0100","flow_id":2160341848662958,"event_type":"drop","src_ip":"192.168.1.2","src_port":39772,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":21596,"tcpseq":2097522910,"tcpack":2222092345,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:52.193690+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":27745,"tcpseq":2352554478,"tcpack":3197231266,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:52.956868+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54811,"tcpseq":3357783884,"tcpack":1214614826,"tcpwin":966,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:53.206073+0100","flow_id":1884589915972720,"event_type":"drop","src_ip":"192.168.1.2","src_port":39774,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":396,"tos":0,"ttl":64,"ipid":18058,"tcpseq":1789085665,"tcpack":3753363653,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:53.454042+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":432,"tos":0,"ttl":64,"ipid":27749,"tcpseq":2352554861,"tcpack":3197234882,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:55.731595+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54814,"tcpseq":3357784214,"tcpack":1214615115,"tcpwin":974,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:56.205117+0100","flow_id":310252473950357,"event_type":"drop","src_ip":"192.168.1.2","src_port":39778,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":35631,"tcpseq":1005159987,"tcpack":755503119,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:56.457920+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":27775,"tcpseq":2352555241,"tcpack":3197280871,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:57.093063+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54817,"tcpseq":3357784547,"tcpack":1214615405,"tcpwin":982,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:57.361109+0100","flow_id":961721703432700,"event_type":"drop","src_ip":"192.168.1.2","src_port":39780,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":14383,"tcpseq":3455723919,"tcpack":2132490322,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:57.645950+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":9521,"tcpseq":624221978,"tcpack":2024536223,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:58.048748+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54820,"tcpseq":3357784875,"tcpack":1214615694,"tcpwin":991,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:58.600249+0100","flow_id":196798765472759,"event_type":"drop","src_ip":"192.168.1.2","src_port":39782,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":39742,"tcpseq":484871434,"tcpack":1841313896,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:58:59.100321+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":27778,"tcpseq":2352555624,"tcpack":3197283113,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:01.179711+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":380,"tos":0,"ttl":64,"ipid":54823,"tcpseq":3357785208,"tcpack":1214615984,"tcpwin":999,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:01.414598+0100","flow_id":932668397408874,"event_type":"drop","src_ip":"192.168.1.2","src_port":39784,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":394,"tos":0,"ttl":64,"ipid":49478,"tcpseq":2652889150,"tcpack":937964149,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:01.639621+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":430,"tos":0,"ttl":64,"ipid":27783,"tcpseq":2352556007,"tcpack":3197286204,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:02.206798+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54826,"tcpseq":3357785536,"tcpack":1214616273,"tcpwin":1007,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:02.651400+0100","flow_id":380408617692998,"event_type":"drop","src_ip":"192.168.1.2","src_port":39786,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":48217,"tcpseq":2437519899,"tcpack":913913575,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:02.878032+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":9531,"tcpseq":624222356,"tcpack":2024547363,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:03.873939+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54829,"tcpseq":3357785869,"tcpack":1214616563,"tcpwin":1016,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:04.127644+0100","flow_id":1823133229707814,"event_type":"drop","src_ip":"192.168.1.2","src_port":39788,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":26366,"tcpseq":3235400431,"tcpack":3181411606,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:04.352223+0100","flow_id":669988178045534,"event_type":"drop","src_ip":"192.168.1.2","src_port":60638,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":9536,"tcpseq":624222739,"tcpack":2024550958,"tcpwin":6842,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:04.712899+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54832,"tcpseq":3357786202,"tcpack":1214616853,"tcpwin":1024,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:05.174581+0100","flow_id":1731349778639269,"event_type":"drop","src_ip":"192.168.1.2","src_port":39790,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":52570,"tcpseq":1794440571,"tcpack":3954713086,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:05.417364+0100","flow_id":888413035138287,"event_type":"drop","src_ip":"192.168.1.2","src_port":35272,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":435,"tos":0,"ttl":64,"ipid":27789,"tcpseq":2352556385,"tcpack":3197291348,"tcpwin":8057,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:07.279127+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54835,"tcpseq":3357786535,"tcpack":1214617143,"tcpwin":1033,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:07.526166+0100","flow_id":1601238039463628,"event_type":"drop","src_ip":"192.168.1.2","src_port":39792,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":30354,"tcpseq":1335381955,"tcpack":3372799184,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:07.795092+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54838,"tcpseq":3357786868,"tcpack":1214617433,"tcpwin":1041,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:08.245602+0100","flow_id":731709025599016,"event_type":"drop","src_ip":"192.168.1.2","src_port":39794,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":26389,"tcpseq":2857589564,"tcpack":2507866284,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:08.492887+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54841,"tcpseq":3357787201,"tcpack":1214617723,"tcpwin":1049,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:08.729173+0100","flow_id":899472595623586,"event_type":"drop","src_ip":"192.168.1.2","src_port":39796,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":33405,"tcpseq":2637806705,"tcpack":1864747294,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:08.976460+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54844,"tcpseq":3357787534,"tcpack":1214618013,"tcpwin":1058,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:09.432147+0100","flow_id":1360715576088484,"event_type":"drop","src_ip":"192.168.1.2","src_port":39798,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":18078,"tcpseq":1321993818,"tcpack":2670676510,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:09.684779+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54847,"tcpseq":3357787867,"tcpack":1214618303,"tcpwin":1066,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:09.929142+0100","flow_id":947960628981003,"event_type":"drop","src_ip":"192.168.1.2","src_port":39800,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":3540,"tcpseq":1806520171,"tcpack":3704047204,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:10.189246+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54850,"tcpseq":3357788200,"tcpack":1214618593,"tcpwin":1074,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:10.636528+0100","flow_id":866220958987687,"event_type":"drop","src_ip":"192.168.1.2","src_port":39802,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":16067,"tcpseq":2986507200,"tcpack":75374091,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:10.882920+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54853,"tcpseq":3357788533,"tcpack":1214618883,"tcpwin":1083,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:11.164936+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54856,"tcpseq":3357788863,"tcpack":1214619172,"tcpwin":1091,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:11.653302+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54859,"tcpseq":3357789196,"tcpack":1214619462,"tcpwin":1100,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:11.987932+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54862,"tcpseq":3357789526,"tcpack":1214619751,"tcpwin":1108,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:12.489714+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54865,"tcpseq":3357789859,"tcpack":1214620041,"tcpwin":1116,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:12.873004+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":385,"tos":0,"ttl":64,"ipid":54868,"tcpseq":3357790189,"tcpack":1214620330,"tcpwin":1125,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T04:59:13.360850+0100","flow_id":476063962117701,"event_type":"drop","src_ip":"192.168.1.2","src_port":36554,"dest_ip":"2.23.82.149","dest_port":80,"proto":"TCP","drop":{"len":382,"tos":0,"ttl":64,"ipid":54871,"tcpseq":3357790522,"tcpack":1214620620,"tcpwin":1133,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:07.365118+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":27863,"tcpseq":309748142,"tcpack":2385165117,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:08.382140+0100","flow_id":908474854986674,"event_type":"drop","src_ip":"192.168.1.2","src_port":40066,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":9271,"tcpseq":2814719302,"tcpack":3588032841,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:09.328602+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28050,"tcpseq":309748527,"tcpack":2385533411,"tcpwin":2567,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:10.367720+0100","flow_id":861305376774986,"event_type":"drop","src_ip":"192.168.1.2","src_port":40068,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":46891,"tcpseq":3025645084,"tcpack":450297986,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:11.363174+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10419,"tcpseq":317339048,"tcpack":981009651,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:12.398483+0100","flow_id":714050275644435,"event_type":"drop","src_ip":"192.168.1.2","src_port":40074,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":39320,"tcpseq":2873211018,"tcpack":355152346,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:13.395286+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10482,"tcpseq":317339433,"tcpack":981097442,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:14.434855+0100","flow_id":1374998498025953,"event_type":"drop","src_ip":"192.168.1.2","src_port":40076,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":2758,"tcpseq":1834230737,"tcpack":2610863571,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:15.439053+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10545,"tcpseq":317339818,"tcpack":981206574,"tcpwin":2122,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:16.453582+0100","flow_id":1926081456958245,"event_type":"drop","src_ip":"192.168.1.2","src_port":40078,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":21986,"tcpseq":2587059480,"tcpack":1809864572,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:17.441937+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10594,"tcpseq":317340203,"tcpack":981303607,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:19.038085+0100","flow_id":1794099259610142,"event_type":"drop","src_ip":"192.168.1.2","src_port":40080,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":9819,"tcpseq":606018908,"tcpack":1983332696,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:19.309038+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10640,"tcpseq":317340588,"tcpack":981404806,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:19.883930+0100","flow_id":2116810217323537,"event_type":"drop","src_ip":"192.168.1.2","src_port":40082,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":20689,"tcpseq":3597889171,"tcpack":4001647296,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:20.161708+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10687,"tcpseq":317340973,"tcpack":981510582,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:20.685596+0100","flow_id":448829603214625,"event_type":"drop","src_ip":"192.168.1.2","src_port":40084,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":19103,"tcpseq":1885342494,"tcpack":652222540,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:20.908231+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10731,"tcpseq":317341358,"tcpack":981606826,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:21.185416+0100","flow_id":1637760302699324,"event_type":"drop","src_ip":"192.168.1.2","src_port":40086,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":24222,"tcpseq":4021689840,"tcpack":52601334,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:21.521362+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10773,"tcpseq":317341743,"tcpack":981698665,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:22.023805+0100","flow_id":967174173908004,"event_type":"drop","src_ip":"192.168.1.2","src_port":40088,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":37996,"tcpseq":877908692,"tcpack":1190193034,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:22.320093+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28092,"tcpseq":309748912,"tcpack":2385625153,"tcpwin":2567,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:22.922161+0100","flow_id":1446791024349485,"event_type":"drop","src_ip":"192.168.1.2","src_port":40090,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":2806,"tcpseq":1945059536,"tcpack":1955884796,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:23.161873+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10814,"tcpseq":317342128,"tcpack":981795850,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:23.446159+0100","flow_id":408100428565892,"event_type":"drop","src_ip":"192.168.1.2","src_port":40094,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":23368,"tcpseq":3081967362,"tcpack":367089589,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:23.704472+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28138,"tcpseq":309749297,"tcpack":2385726104,"tcpwin":2567,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:24.193836+0100","flow_id":2164969685972009,"event_type":"drop","src_ip":"192.168.1.2","src_port":40096,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":61784,"tcpseq":324779619,"tcpack":446738092,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:24.417485+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10860,"tcpseq":317342513,"tcpack":981898405,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:24.929766+0100","flow_id":1106702629089077,"event_type":"drop","src_ip":"192.168.1.2","src_port":40098,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":48673,"tcpseq":3636849678,"tcpack":1539274686,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:25.235889+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28182,"tcpseq":309749682,"tcpack":2385822648,"tcpwin":2567,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:25.986229+0100","flow_id":777096101432202,"event_type":"drop","src_ip":"192.168.1.2","src_port":40102,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34297,"tcpseq":2495534023,"tcpack":2723206055,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:26.322767+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28226,"tcpseq":309750067,"tcpack":2385919265,"tcpwin":2567,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:27.257123+0100","flow_id":1259257720204095,"event_type":"drop","src_ip":"192.168.1.2","src_port":40104,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10709,"tcpseq":1697477370,"tcpack":1887697092,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:27.482634+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":10903,"tcpseq":317342898,"tcpack":981991378,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:27.972377+0100","flow_id":1659653898884422,"event_type":"drop","src_ip":"192.168.1.2","src_port":40106,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":56570,"tcpseq":3886973198,"tcpack":2883411867,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:28.360596+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":11038,"tcpseq":317343283,"tcpack":982349793,"tcpwin":2342,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:29.408683+0100","flow_id":1373336346686222,"event_type":"drop","src_ip":"192.168.1.2","src_port":40108,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":60770,"tcpseq":3500707739,"tcpack":4191360971,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:30.256889+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28266,"tcpseq":309750452,"tcpack":2386005487,"tcpwin":2567,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:31.512633+0100","flow_id":1803601875554742,"event_type":"drop","src_ip":"192.168.1.2","src_port":40110,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":14560,"tcpseq":3852030741,"tcpack":2929836291,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:31.867074+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":11325,"tcpseq":317343668,"tcpack":983200644,"tcpwin":2398,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:32.539006+0100","flow_id":1202383763552350,"event_type":"drop","src_ip":"192.168.1.2","src_port":40112,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":39292,"tcpseq":1147270840,"tcpack":3638789037,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:32.901323+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":11698,"tcpseq":317344053,"tcpack":984253561,"tcpwin":2398,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:33.662939+0100","flow_id":1532630241451103,"event_type":"drop","src_ip":"192.168.1.2","src_port":40114,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":28695,"tcpseq":2623669286,"tcpack":2091060721,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:33.927279+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12015,"tcpseq":317344438,"tcpack":985124584,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:34.222498+0100","flow_id":1399739658429542,"event_type":"drop","src_ip":"192.168.1.2","src_port":40116,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":42487,"tcpseq":4102476715,"tcpack":2455369393,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:34.481275+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28494,"tcpseq":309750837,"tcpack":2386544457,"tcpwin":3962,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:35.548015+0100","flow_id":2161542302751746,"event_type":"drop","src_ip":"192.168.1.2","src_port":40118,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":27612,"tcpseq":2067533909,"tcpack":4221683564,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:36.106665+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12058,"tcpseq":317344823,"tcpack":985216777,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:36.672814+0100","flow_id":1244528130409295,"event_type":"drop","src_ip":"192.168.1.2","src_port":40120,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":42835,"tcpseq":1340266657,"tcpack":4293460107,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:37.184935+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12102,"tcpseq":317345208,"tcpack":985313284,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:37.531627+0100","flow_id":131553927699470,"event_type":"drop","src_ip":"192.168.1.2","src_port":40122,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":31087,"tcpseq":1812396583,"tcpack":886571186,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:37.757922+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28551,"tcpseq":309751222,"tcpack":2386636468,"tcpwin":4637,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:38.036566+0100","flow_id":452134581734814,"event_type":"drop","src_ip":"192.168.1.2","src_port":40126,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":20889,"tcpseq":2556155090,"tcpack":979804271,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:38.742845+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12152,"tcpseq":317345593,"tcpack":985427092,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:39.230825+0100","flow_id":1159124853425344,"event_type":"drop","src_ip":"192.168.1.2","src_port":40128,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":33529,"tcpseq":3009022745,"tcpack":786193962,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:39.534858+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12196,"tcpseq":317345978,"tcpack":985522887,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:39.864503+0100","flow_id":1341343135903793,"event_type":"drop","src_ip":"192.168.1.2","src_port":40130,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":39308,"tcpseq":2771981793,"tcpack":120137770,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:40.088268+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12246,"tcpseq":317346363,"tcpack":985636616,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:40.586837+0100","flow_id":195351372166050,"event_type":"drop","src_ip":"192.168.1.2","src_port":40132,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":59226,"tcpseq":511993968,"tcpack":368183456,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:40.907737+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12292,"tcpseq":317346748,"tcpack":985737580,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:41.184398+0100","flow_id":1934014263185244,"event_type":"drop","src_ip":"192.168.1.2","src_port":40134,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":5127,"tcpseq":3771106712,"tcpack":2571217636,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:41.584892+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28597,"tcpseq":309751607,"tcpack":2386738062,"tcpwin":4637,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:42.149082+0100","flow_id":1859103591122358,"event_type":"drop","src_ip":"192.168.1.2","src_port":40136,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":21497,"tcpseq":2245314209,"tcpack":1911484501,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:42.610889+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12335,"tcpseq":317347133,"tcpack":985832026,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:43.170804+0100","flow_id":1103762725247653,"event_type":"drop","src_ip":"192.168.1.2","src_port":40140,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34249,"tcpseq":1025318035,"tcpack":2415130701,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:43.650118+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28639,"tcpseq":309751992,"tcpack":2386830147,"tcpwin":4637,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:44.218028+0100","flow_id":1035822785122937,"event_type":"drop","src_ip":"192.168.1.2","src_port":40142,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":57527,"tcpseq":1550024159,"tcpack":1001634358,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:44.666269+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12379,"tcpseq":317347518,"tcpack":985928100,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:45.187541+0100","flow_id":457632140299399,"event_type":"drop","src_ip":"192.168.1.2","src_port":40144,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12275,"tcpseq":533761872,"tcpack":247639719,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:46.082026+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28692,"tcpseq":309752377,"tcpack":2386951725,"tcpwin":4637,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:47.132277+0100","flow_id":1977979696251859,"event_type":"drop","src_ip":"192.168.1.2","src_port":40148,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":24548,"tcpseq":16447280,"tcpack":2604733329,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:47.363261+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28718,"tcpseq":309752762,"tcpack":2386996384,"tcpwin":4637,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:48.293202+0100","flow_id":273908471986212,"event_type":"drop","src_ip":"192.168.1.2","src_port":40150,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":52931,"tcpseq":2664260503,"tcpack":2090639630,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:48.770406+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":28820,"tcpseq":309753147,"tcpack":2387259329,"tcpwin":4637,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:50.376060+0100","flow_id":370212376329151,"event_type":"drop","src_ip":"192.168.1.2","src_port":40152,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":8841,"tcpseq":1962252286,"tcpack":2097176287,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:51.243642+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12432,"tcpseq":317347903,"tcpack":986054420,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:51.899298+0100","flow_id":1362388476475439,"event_type":"drop","src_ip":"192.168.1.2","src_port":40154,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":7578,"tcpseq":2994382590,"tcpack":1780220171,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:52.380632+0100","flow_id":1362388476475439,"event_type":"drop","src_ip":"192.168.1.2","src_port":40154,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":7616,"tcpseq":2994382939,"tcpack":1780270220,"tcpwin":1016,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:53.316929+0100","flow_id":1362388476475439,"event_type":"drop","src_ip":"192.168.1.2","src_port":40154,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":7633,"tcpseq":2994383288,"tcpack":1780290450,"tcpwin":1331,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:54.357251+0100","flow_id":1362388476475439,"event_type":"drop","src_ip":"192.168.1.2","src_port":40154,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":7663,"tcpseq":2994383637,"tcpack":1780338821,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:55.396921+0100","flow_id":1362388476475439,"event_type":"drop","src_ip":"192.168.1.2","src_port":40154,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":7755,"tcpseq":2994383986,"tcpack":1780519249,"tcpwin":2302,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:56.371462+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":12563,"tcpseq":317348288,"tcpack":986402534,"tcpwin":2724,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:57.055826+0100","flow_id":1921842326919523,"event_type":"drop","src_ip":"192.168.1.2","src_port":40156,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":14015,"tcpseq":3953981744,"tcpack":3793372169,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:57.343282+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":13057,"tcpseq":317348673,"tcpack":987624577,"tcpwin":5401,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:58.028036+0100","flow_id":1484758537628748,"event_type":"drop","src_ip":"192.168.1.2","src_port":40158,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":32636,"tcpseq":1398516773,"tcpack":3976562746,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:58.280125+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":13088,"tcpseq":317349058,"tcpack":987669184,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:58.663649+0100","flow_id":1345855000289177,"event_type":"drop","src_ip":"192.168.1.2","src_port":40160,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":62909,"tcpseq":4276232301,"tcpack":2575013852,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:58.891251+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":13107,"tcpseq":317349443,"tcpack":987692272,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:59.689148+0100","flow_id":338637924827892,"event_type":"drop","src_ip":"192.168.1.2","src_port":40162,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":43172,"tcpseq":3016978812,"tcpack":2292453416,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:01:59.964350+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":13485,"tcpseq":317349828,"tcpack":988748857,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:00.426183+0100","flow_id":1737609704906564,"event_type":"drop","src_ip":"192.168.1.2","src_port":40164,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":23755,"tcpseq":1136951512,"tcpack":474343995,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:00.936061+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":29292,"tcpseq":309753532,"tcpack":2388569877,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:02.029201+0100","flow_id":1658816382529845,"event_type":"drop","src_ip":"192.168.1.2","src_port":40168,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":53638,"tcpseq":1964192635,"tcpack":1557032033,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:02.313401+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":29667,"tcpseq":309753917,"tcpack":2389619046,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:03.096510+0100","flow_id":1092484142430157,"event_type":"drop","src_ip":"192.168.1.2","src_port":40170,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":43480,"tcpseq":3195752190,"tcpack":225837533,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:03.342794+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":30042,"tcpseq":309754302,"tcpack":2390668166,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:04.058793+0100","flow_id":189168768312601,"event_type":"drop","src_ip":"192.168.1.2","src_port":40178,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":35808,"tcpseq":1769693492,"tcpack":2814537401,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:04.378573+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":13505,"tcpseq":317350213,"tcpack":988776125,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:05.660902+0100","flow_id":827557674862117,"event_type":"drop","src_ip":"192.168.1.2","src_port":40180,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":2486,"tcpseq":3308386791,"tcpack":2176617562,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:06.685928+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":13970,"tcpseq":317350598,"tcpack":990083108,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:07.521583+0100","flow_id":2060640638203064,"event_type":"drop","src_ip":"192.168.1.2","src_port":40182,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":24858,"tcpseq":4194605432,"tcpack":2381219401,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:07.780100+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":14433,"tcpseq":317350983,"tcpack":991386583,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:08.523853+0100","flow_id":739126445931884,"event_type":"drop","src_ip":"192.168.1.2","src_port":40184,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":43850,"tcpseq":4195440402,"tcpack":2392692624,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:08.788007+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":14522,"tcpseq":317351368,"tcpack":991612018,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:09.849072+0100","flow_id":950806056657294,"event_type":"drop","src_ip":"192.168.1.2","src_port":40186,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":55401,"tcpseq":3352614941,"tcpack":54500502,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:10.858951+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":14988,"tcpseq":317351753,"tcpack":992923044,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:11.970337+0100","flow_id":8889663999230,"event_type":"drop","src_ip":"192.168.1.2","src_port":40188,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":42390,"tcpseq":3513625669,"tcpack":2699112302,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:12.222663+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":15363,"tcpseq":317352138,"tcpack":993971987,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:12.998896+0100","flow_id":2084905056222483,"event_type":"drop","src_ip":"192.168.1.2","src_port":40190,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":62785,"tcpseq":2596141288,"tcpack":146818932,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:13.225454+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":15738,"tcpseq":317352523,"tcpack":995020970,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:14.438380+0100","flow_id":587640802268041,"event_type":"drop","src_ip":"192.168.1.2","src_port":40192,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12661,"tcpseq":994386732,"tcpack":2611974220,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:15.240936+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":16095,"tcpseq":317352908,"tcpack":996142166,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:15.512566+0100","flow_id":118469312369014,"event_type":"drop","src_ip":"192.168.1.2","src_port":40194,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34625,"tcpseq":3981807766,"tcpack":1114900703,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:15.754046+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":30505,"tcpseq":309754687,"tcpack":2391978950,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:16.612378+0100","flow_id":2208125520729935,"event_type":"drop","src_ip":"192.168.1.2","src_port":40196,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":5069,"tcpseq":2920941629,"tcpack":587459928,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:16.930745+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":16125,"tcpseq":317353293,"tcpack":996198661,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:17.484926+0100","flow_id":316067872859479,"event_type":"drop","src_ip":"192.168.1.2","src_port":40198,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":9944,"tcpseq":402798988,"tcpack":2929499574,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:17.835352+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":16175,"tcpseq":317353678,"tcpack":996312101,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:18.352612+0100","flow_id":1788391251927247,"event_type":"drop","src_ip":"192.168.1.2","src_port":40202,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":32186,"tcpseq":3173539706,"tcpack":3170922059,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:18.580021+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":16363,"tcpseq":317354063,"tcpack":996822679,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:19.418228+0100","flow_id":481821398359656,"event_type":"drop","src_ip":"192.168.1.2","src_port":40204,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":24103,"tcpseq":3381491919,"tcpack":2417778560,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:19.643873+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":30914,"tcpseq":309755072,"tcpack":2393126322,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:20.163945+0100","flow_id":441925447221048,"event_type":"drop","src_ip":"192.168.1.2","src_port":40208,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":16230,"tcpseq":889853619,"tcpack":3926840071,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:20.636712+0100","flow_id":441925447221048,"event_type":"drop","src_ip":"192.168.1.2","src_port":40208,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":16438,"tcpseq":889853968,"tcpack":3927200968,"tcpwin":3670,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:21.163196+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":30934,"tcpseq":309755457,"tcpack":2393154993,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:21.629334+0100","flow_id":2058198950189362,"event_type":"drop","src_ip":"192.168.1.2","src_port":40210,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":15025,"tcpseq":759043361,"tcpack":445492181,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:21.985127+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":16385,"tcpseq":317354448,"tcpack":996855196,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:22.667857+0100","flow_id":656235725467692,"event_type":"drop","src_ip":"192.168.1.2","src_port":40212,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":7977,"tcpseq":702688443,"tcpack":3614179169,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:23.014656+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":16696,"tcpseq":317354833,"tcpack":997717376,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:23.491576+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":9756,"tcpseq":2460946639,"tcpack":3249055517,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:23.735774+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":9761,"tcpseq":2460946988,"tcpack":3249059200,"tcpwin":296,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:24.747718+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10221,"tcpseq":2460947337,"tcpack":3250370153,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:25.714726+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10476,"tcpseq":2460947686,"tcpack":3251069580,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:26.718749+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10561,"tcpseq":2460948035,"tcpack":3251282044,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:27.440047+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10589,"tcpseq":2460948384,"tcpack":3251332583,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:28.789274+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10842,"tcpseq":2460948733,"tcpack":3252030880,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:29.515111+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10863,"tcpseq":2460949082,"tcpack":3252060355,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:30.774850+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10903,"tcpseq":2460949431,"tcpack":3252146674,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:31.803021+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10916,"tcpseq":2460949780,"tcpack":3252161082,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:33.249854+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10921,"tcpseq":2460950129,"tcpack":3252164849,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:34.102655+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10951,"tcpseq":2460950478,"tcpack":3252220610,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:35.226985+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11047,"tcpseq":2460950827,"tcpack":3252466251,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:36.375068+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11565,"tcpseq":2460951176,"tcpack":3253774200,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:37.266665+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11590,"tcpseq":2460951525,"tcpack":3253813864,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:38.304950+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11629,"tcpseq":2460951874,"tcpack":3253895243,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:39.260576+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11635,"tcpseq":2460952223,"tcpack":3253899942,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:39.895116+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11644,"tcpseq":2460952572,"tcpack":3253909522,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:40.373956+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11656,"tcpseq":2460952921,"tcpack":3253922752,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:41.385376+0100","flow_id":609766326894451,"event_type":"drop","src_ip":"192.168.1.2","src_port":40214,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11692,"tcpseq":2460953270,"tcpack":3253995079,"tcpwin":12309,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:41.951655+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":16722,"tcpseq":317355218,"tcpack":997762021,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:43.259145+0100","flow_id":1069957041558956,"event_type":"drop","src_ip":"192.168.1.2","src_port":40218,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":50041,"tcpseq":2698526845,"tcpack":332988901,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:44.418420+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":30956,"tcpseq":309755842,"tcpack":2393186953,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:45.543064+0100","flow_id":1807347091851297,"event_type":"drop","src_ip":"192.168.1.2","src_port":40220,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":6191,"tcpseq":2087752918,"tcpack":2656310773,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:46.059676+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":17189,"tcpseq":317355603,"tcpack":999072911,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:46.549676+0100","flow_id":1000513863049838,"event_type":"drop","src_ip":"192.168.1.2","src_port":40222,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":35573,"tcpseq":2667125269,"tcpack":3684825946,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:47.513585+0100","flow_id":1000513863049838,"event_type":"drop","src_ip":"192.168.1.2","src_port":40222,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":35644,"tcpseq":2667125618,"tcpack":3684932256,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:48.121474+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":17232,"tcpseq":317355988,"tcpack":999165234,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:49.161272+0100","flow_id":1264602812347533,"event_type":"drop","src_ip":"192.168.1.2","src_port":40224,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":15615,"tcpseq":3859458025,"tcpack":749916899,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:49.524475+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":31300,"tcpseq":309756227,"tcpack":2394143539,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:50.613634+0100","flow_id":505250446990453,"event_type":"drop","src_ip":"192.168.1.2","src_port":40226,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":48330,"tcpseq":1364597775,"tcpack":2450319388,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:51.226049+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":17607,"tcpseq":317356373,"tcpack":1000216085,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:51.858659+0100","flow_id":378798019909923,"event_type":"drop","src_ip":"192.168.1.2","src_port":40228,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12660,"tcpseq":2722862296,"tcpack":2352744544,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:52.665378+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":31532,"tcpseq":309756612,"tcpack":2394781038,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:53.683321+0100","flow_id":1617342034169042,"event_type":"drop","src_ip":"192.168.1.2","src_port":40230,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":51490,"tcpseq":3018023639,"tcpack":1897707258,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:54.848248+0100","flow_id":1617342034169042,"event_type":"drop","src_ip":"192.168.1.2","src_port":40230,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":51500,"tcpseq":3018023988,"tcpack":1897717513,"tcpwin":409,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:56.863005+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":17677,"tcpseq":317356758,"tcpack":1000420625,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:57.969118+0100","flow_id":1156157036151663,"event_type":"drop","src_ip":"192.168.1.2","src_port":40232,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10231,"tcpseq":4180777921,"tcpack":3777649403,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:02:58.923164+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":31606,"tcpseq":309756997,"tcpack":2394965318,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:00.045400+0100","flow_id":1977715560591379,"event_type":"drop","src_ip":"192.168.1.2","src_port":40234,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":2100,"tcpseq":2183515566,"tcpack":3928176530,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:00.968053+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":18059,"tcpseq":317357143,"tcpack":1001487861,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:01.946544+0100","flow_id":431974010689032,"event_type":"drop","src_ip":"192.168.1.2","src_port":40236,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":32477,"tcpseq":772518609,"tcpack":2727589049,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:03.080164+0100","flow_id":431974010689032,"event_type":"drop","src_ip":"192.168.1.2","src_port":40236,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":32512,"tcpseq":772518958,"tcpack":2727636532,"tcpwin":971,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:06.120544+0100","flow_id":431974010689032,"event_type":"drop","src_ip":"192.168.1.2","src_port":40236,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":32731,"tcpseq":772519307,"tcpack":2728259096,"tcpwin":6572,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:09.227249+0100","flow_id":431974010689032,"event_type":"drop","src_ip":"192.168.1.2","src_port":40236,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":33212,"tcpseq":772519656,"tcpack":2729568978,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:11.139381+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":18115,"tcpseq":317357528,"tcpack":1001618215,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:12.005757+0100","flow_id":1740656988919115,"event_type":"drop","src_ip":"192.168.1.2","src_port":40240,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11305,"tcpseq":2035996787,"tcpack":820897720,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:12.239904+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":18490,"tcpseq":317357913,"tcpack":1002667399,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:13.238800+0100","flow_id":473822025327564,"event_type":"drop","src_ip":"192.168.1.2","src_port":40246,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":37731,"tcpseq":3598477897,"tcpack":2170640546,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:13.995212+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":18946,"tcpseq":317358298,"tcpack":1003978400,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:15.386255+0100","flow_id":2211170656445335,"event_type":"drop","src_ip":"192.168.1.2","src_port":40248,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":64990,"tcpseq":2159279192,"tcpack":3618559447,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:15.637531+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":19410,"tcpseq":317358683,"tcpack":1005283993,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:16.533419+0100","flow_id":1421025523016390,"event_type":"drop","src_ip":"192.168.1.2","src_port":40250,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":37139,"tcpseq":625252119,"tcpack":3182315796,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:17.206754+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":32071,"tcpseq":309757382,"tcpack":2396273893,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:17.504829+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10379,"tcpseq":4013629788,"tcpack":1262585268,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:19.768902+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11074,"tcpseq":4013630137,"tcpack":1263807549,"tcpwin":11635,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:20.723167+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11108,"tcpseq":4013630486,"tcpack":1263849827,"tcpwin":12287,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:21.665453+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11129,"tcpseq":4013630835,"tcpack":1263881343,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:22.690821+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11133,"tcpseq":4013631184,"tcpack":1263887273,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:26.449743+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":11509,"tcpseq":4013631533,"tcpack":1264936308,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:29.075095+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12009,"tcpseq":4013631882,"tcpack":1266247365,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:32.828430+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":32187,"tcpseq":385954847,"tcpack":717896072,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:32.890709+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":384,"tos":2,"ttl":127,"ipid":32190,"tcpseq":385955117,"tcpack":717896617,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:32.943737+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:32.943783+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:33.092717+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12499,"tcpseq":4013632231,"tcpack":1267551579,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:33.842668+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12535,"tcpseq":4013632580,"tcpack":1267648270,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:35.957109+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":389,"tos":2,"ttl":127,"ipid":32269,"tcpseq":385955461,"tcpack":718201903,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:36.108617+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12549,"tcpseq":4013632929,"tcpack":1267682407,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:36.803668+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12682,"tcpseq":4013633278,"tcpack":1268058406,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:38.851073+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12686,"tcpseq":4013633627,"tcpack":1268062752,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:39.406286+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12736,"tcpseq":4013633976,"tcpack":1268199103,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:40.045228+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":389,"tos":2,"ttl":127,"ipid":32317,"tcpseq":385955810,"tcpack":718370003,"tcpwin":8234,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:41.068703+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":390,"tos":2,"ttl":127,"ipid":32434,"tcpseq":385956159,"tcpack":718823197,"tcpwin":8229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:41.158013+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":32470,"tcpseq":385956509,"tcpack":718957081,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:41.210975+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":32472,"tcpseq":385956779,"tcpack":718957627,"tcpwin":8229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:41.249741+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12767,"tcpseq":4013634325,"tcpack":1268258556,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:41.264732+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:41.264755+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:41.584305+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":32733,"tcpseq":385957100,"tcpack":720140141,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:41.641436+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":32735,"tcpseq":385957352,"tcpack":720140685,"tcpwin":8230,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:41.689159+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:41.689175+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:41.748387+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":57,"tcpseq":385957655,"tcpack":720470717,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:41.776734+0100","flow_id":1691610610250468,"event_type":"drop","src_ip":"192.168.1.2","src_port":40252,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":12859,"tcpseq":4013634674,"tcpack":1268515118,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:41.801696+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":59,"tcpseq":385957925,"tcpack":720471262,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:41.854747+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:41.854929+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:42.108860+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":404,"tcpseq":385958246,"tcpack":721848335,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:42.163350+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":406,"tcpseq":385958516,"tcpack":721848881,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:42.215929+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:42.215999+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:42.505310+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":733,"tcpseq":385958837,"tcpack":723237731,"tcpwin":8230,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:42.557813+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":735,"tcpseq":385959107,"tcpack":723238276,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:42.609983+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:42.610050+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:42.739796+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":1027,"tcpseq":385959428,"tcpack":724415669,"tcpwin":8234,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:42.791877+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":1029,"tcpseq":385959698,"tcpack":724416215,"tcpwin":8231,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:42.840927+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:42.840960+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:42.947195+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":1303,"tcpseq":385960019,"tcpack":725585921,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:43.000446+0100","flow_id":1445111700684829,"event_type":"drop","src_ip":"192.168.8.4","src_port":64812,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":1305,"tcpseq":385960289,"tcpack":725586466,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:03:43.054431+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:43.054703+0100","flow_id":1445111700684829,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64812,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:43.360377+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":32131,"tcpseq":309757767,"tcpack":2396417313,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:43.823286+0100","flow_id":2156070522818342,"event_type":"drop","src_ip":"192.168.1.2","src_port":40266,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":40890,"tcpseq":1852829466,"tcpack":3111413308,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:44.099560+0100","flow_id":2156070522818342,"event_type":"drop","src_ip":"192.168.1.2","src_port":40266,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":40957,"tcpseq":1852829815,"tcpack":3111505960,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:44.569561+0100","flow_id":2156070522818342,"event_type":"drop","src_ip":"192.168.1.2","src_port":40266,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":40972,"tcpseq":1852830164,"tcpack":3111544691,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:44.807612+0100","flow_id":2156070522818342,"event_type":"drop","src_ip":"192.168.1.2","src_port":40266,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":40981,"tcpseq":1852830513,"tcpack":3111553037,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:45.251918+0100","flow_id":2156070522818342,"event_type":"drop","src_ip":"192.168.1.2","src_port":40266,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":40985,"tcpseq":1852830862,"tcpack":3111559829,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:45.474051+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":32143,"tcpseq":309758152,"tcpack":2396431153,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:45.802338+0100","flow_id":1606248137047495,"event_type":"drop","src_ip":"192.168.1.2","src_port":40268,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":8459,"tcpseq":1102338388,"tcpack":4243220267,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:46.029533+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":19452,"tcpseq":317359068,"tcpack":1005375488,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:46.848685+0100","flow_id":241298940555911,"event_type":"drop","src_ip":"192.168.1.2","src_port":40270,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":31470,"tcpseq":2829584031,"tcpack":2589037450,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:47.150170+0100","flow_id":241298940555911,"event_type":"drop","src_ip":"192.168.1.2","src_port":40270,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":31522,"tcpseq":2829584380,"tcpack":2589108197,"tcpwin":1354,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:47.589551+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":19583,"tcpseq":317359453,"tcpack":1005721524,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:48.085395+0100","flow_id":1586587924443020,"event_type":"drop","src_ip":"192.168.1.2","src_port":40272,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":4681,"tcpseq":648057722,"tcpack":1398374873,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:48.366391+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":19596,"tcpseq":317359838,"tcpack":1005736627,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:48.916832+0100","flow_id":2086092621003557,"event_type":"drop","src_ip":"192.168.1.2","src_port":40274,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":3911,"tcpseq":721062708,"tcpack":2343037371,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:49.185286+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":32219,"tcpseq":309758537,"tcpack":2396618727,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:50.083611+0100","flow_id":1060486643074611,"event_type":"drop","src_ip":"192.168.1.2","src_port":40276,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":14046,"tcpseq":3817521098,"tcpack":373284269,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:50.307128+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":19620,"tcpseq":317360223,"tcpack":1005776205,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:51.472391+0100","flow_id":107371123127474,"event_type":"drop","src_ip":"192.168.1.2","src_port":40278,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":18421,"tcpseq":3140536690,"tcpack":1744714811,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:51.695226+0100","flow_id":802359098181998,"event_type":"drop","src_ip":"192.168.1.2","src_port":35818,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":20007,"tcpseq":317360608,"tcpack":1006860329,"tcpwin":5638,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:52.656989+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":33256,"tcpseq":953881286,"tcpack":3414641433,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:52.963822+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":33262,"tcpseq":953881635,"tcpack":3414646690,"tcpwin":319,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:53.833042+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34022,"tcpseq":953881984,"tcpack":3415953668,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:54.164653+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34105,"tcpseq":953882333,"tcpack":3416159840,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:54.651769+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34112,"tcpseq":953882682,"tcpack":3416165740,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:54.922114+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34116,"tcpseq":953883031,"tcpack":3416167517,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:55.712195+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34582,"tcpseq":953883380,"tcpack":3417477937,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:56.191591+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":34958,"tcpseq":953883729,"tcpack":3418527078,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:56.811923+0100","flow_id":1806056458552755,"event_type":"drop","src_ip":"192.168.1.2","src_port":40280,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":35423,"tcpseq":953884078,"tcpack":3419836916,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:57.605032+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":32597,"tcpseq":309758922,"tcpack":2397675947,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:58.198583+0100","flow_id":378722862368331,"event_type":"drop","src_ip":"192.168.1.2","src_port":40284,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":2967,"tcpseq":1960878942,"tcpack":1540678512,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:58.422989+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":32970,"tcpseq":309759307,"tcpack":2398725179,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:59.255115+0100","flow_id":1010121709708124,"event_type":"drop","src_ip":"192.168.1.2","src_port":40286,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":10377,"tcpseq":1642234991,"tcpack":2174510020,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:03:59.478261+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":33384,"tcpseq":309759692,"tcpack":2399885443,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:04:00.132117+0100","flow_id":585882020086721,"event_type":"drop","src_ip":"192.168.1.2","src_port":40288,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":9790,"tcpseq":304911977,"tcpack":67339089,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:04:00.360390+0100","flow_id":867043452883271,"event_type":"drop","src_ip":"192.168.1.2","src_port":32950,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":437,"tos":0,"ttl":64,"ipid":33829,"tcpseq":309760077,"tcpack":2401135315,"tcpwin":4896,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:04:01.027275+0100","flow_id":472593667811648,"event_type":"drop","src_ip":"192.168.1.2","src_port":40292,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":401,"tos":0,"ttl":64,"ipid":26284,"tcpseq":997905791,"tcpack":1885110965,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:04:15.249110+0100","flow_id":1819901287189464,"event_type":"drop","src_ip":"192.168.1.2","src_port":40384,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":398,"tos":0,"ttl":64,"ipid":60854,"tcpseq":3210479320,"tcpack":2853404716,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:04:25.001319+0100","flow_id":1027267220800464,"event_type":"drop","src_ip":"192.168.1.2","src_port":40472,"dest_ip":"88.221.145.57","dest_port":80,"proto":"TCP","drop":{"len":399,"tos":0,"ttl":64,"ipid":19746,"tcpseq":1932352603,"tcpack":1838254095,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:43.210757+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":697,"tcpseq":2674309118,"tcpack":754619117,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:43.304620+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":384,"tos":2,"ttl":127,"ipid":700,"tcpseq":2674309388,"tcpack":754619662,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:43.352154+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:43.352176+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:44.328898+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":389,"tos":2,"ttl":127,"ipid":803,"tcpseq":2674309732,"tcpack":755010647,"tcpwin":8233,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:45.352210+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":390,"tos":2,"ttl":127,"ipid":931,"tcpseq":2674310081,"tcpack":755489054,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:45.850855+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":1049,"tcpseq":2674310431,"tcpack":755992869,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:45.905132+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":367,"tos":2,"ttl":127,"ipid":1051,"tcpseq":2674310683,"tcpack":755993415,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:45.952086+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:45.952103+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:46.929617+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":373,"tos":2,"ttl":127,"ipid":1569,"tcpseq":2674311010,"tcpack":758066748,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:47.957165+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":373,"tos":2,"ttl":127,"ipid":2548,"tcpseq":2674311343,"tcpack":762193025,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.105188+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":2789,"tcpseq":2674311676,"tcpack":763203432,"tcpwin":8233,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.161356+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":2791,"tcpseq":2674311946,"tcpack":763203978,"tcpwin":8231,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.211722+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:48.211772+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:48.360263+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":3193,"tcpseq":2674312267,"tcpack":764845756,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.417396+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":3195,"tcpseq":2674312537,"tcpack":764846301,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.464888+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:48.464910+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:48.598562+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":3562,"tcpseq":2674312858,"tcpack":766422542,"tcpwin":8231,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.653495+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":3564,"tcpseq":2674313128,"tcpack":766423088,"tcpwin":8229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.700120+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:48.700366+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:48.829071+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":3945,"tcpseq":2674313449,"tcpack":768004962,"tcpwin":8231,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.885727+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":3947,"tcpseq":2674313701,"tcpack":768005507,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:48.932930+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:48.932979+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:48.956066+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":4007,"tcpseq":2674314004,"tcpack":768283828,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:49.044596+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":4010,"tcpseq":2674314274,"tcpack":768284372,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:49.091932+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:49.092118+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:49.203995+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":4389,"tcpseq":2674314595,"tcpack":770044420,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:49.260123+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"192.168.8.4","src_port":64838,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":4391,"tcpseq":2674314847,"tcpack":770044966,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:13:49.309104+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:49.309153+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:57.925494+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2012252,"rev":3,"signature":"ET SHELLCODE Common 0a0a0a0a Heap Spray String","category":"Executable code was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:13:57.925501+0100","flow_id":1151477711573807,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2012252,"rev":3,"signature":"ET SHELLCODE Common 0a0a0a0a Heap Spray String","category":"Executable code was detected","severity":1}} | |
| {"timestamp":"2017-12-15T05:18:38.240996+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","drop":{"len":1492,"tos":2,"ttl":117,"ipid":24391,"tcpseq":1174159228,"tcpack":2674399280,"tcpwin":8207,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:18:39.140075+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":24468,"tcpseq":1174159228,"tcpack":2674399280,"tcpwin":8207,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:18:40.124527+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":24469,"tcpseq":1174159228,"tcpack":2674399280,"tcpwin":8207,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:18:42.069960+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":24470,"tcpseq":1174159228,"tcpack":2674399280,"tcpwin":8207,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:18:45.962295+0100","flow_id":1151477711573807,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64838,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":24471,"tcpseq":1174159228,"tcpack":2674399280,"tcpwin":8207,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:50.104123+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":5561,"tcpseq":14097635,"tcpack":2888037574,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:50.281783+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":384,"tos":2,"ttl":127,"ipid":5564,"tcpseq":14097905,"tcpack":2888038119,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:50.334490+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:50.334548+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:51.304753+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":389,"tos":2,"ttl":127,"ipid":5641,"tcpseq":14098249,"tcpack":2888302606,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:52.329308+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":390,"tos":2,"ttl":127,"ipid":5672,"tcpseq":14098598,"tcpack":2888418023,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:53.350608+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":391,"tos":2,"ttl":127,"ipid":5854,"tcpseq":14098948,"tcpack":2889155450,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:53.592928+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":5911,"tcpseq":14099299,"tcpack":2889419609,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:53.648992+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":5913,"tcpseq":14099569,"tcpack":2889420155,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:53.700005+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:53.700054+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:54.219498+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":6310,"tcpseq":14099890,"tcpack":2891035821,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:54.307490+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":6313,"tcpseq":14100160,"tcpack":2891036364,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:54.359255+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:54.359306+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:54.816626+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":6689,"tcpseq":14100481,"tcpack":2892657659,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:54.872313+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":6691,"tcpseq":14100751,"tcpack":2892658205,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:54.924031+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:54.924078+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:55.463379+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":7119,"tcpseq":14101072,"tcpack":2894457679,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:55.520971+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":7121,"tcpseq":14101342,"tcpack":2894458223,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:55.572733+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:55.572952+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:55.605472+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":7231,"tcpseq":14101663,"tcpack":2894978207,"tcpwin":8230,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:55.657048+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":7233,"tcpseq":14101933,"tcpack":2894978752,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:55.704508+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:55.704555+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:55.905126+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":7672,"tcpseq":14102254,"tcpack":2896659953,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:55.960814+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":7674,"tcpseq":14102524,"tcpack":2896660499,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:56.011952+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:56.011995+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:56.096668+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":7966,"tcpseq":14102845,"tcpack":2897923909,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:56.148127+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"192.168.8.4","src_port":64844,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":7968,"tcpseq":14103115,"tcpack":2897924454,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:23:56.200019+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:56.200063+0100","flow_id":2178380809531967,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:23:56.632141+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":2,"ttl":117,"ipid":26308,"tcpseq":2899456862,"tcpack":14103794,"tcpwin":8207,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:04.316950+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":2,"ttl":117,"ipid":27354,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:04.328199+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":27486,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:04.428816+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":27487,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:04.628676+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":27488,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:05.027993+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":27489,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:05.828763+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":27490,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:07.428015+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":27491,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:10.628770+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":27493,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:24:17.028023+0100","flow_id":2178380809531967,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64844,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":27494,"tcpseq":2995901845,"tcpack":14106300,"tcpwin":8211,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:37.701042+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":2589,"tcpseq":4053242547,"tcpack":3216893734,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:37.777168+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":2592,"tcpseq":4053242817,"tcpack":3216894279,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:37.812348+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:37.812396+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:37.901827+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":2904,"tcpseq":4053243138,"tcpack":3218313336,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:37.942192+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":2906,"tcpseq":4053243408,"tcpack":3218313882,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:37.977349+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:37.977399+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:38.087245+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":3175,"tcpseq":4053243729,"tcpack":3219738060,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:38.121146+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":3177,"tcpseq":4053243981,"tcpack":3219738605,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:38.156775+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:38.156837+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:38.850002+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":4708,"tcpseq":4053244284,"tcpack":3226976542,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:38.890399+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":4710,"tcpseq":4053244536,"tcpack":3226977087,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:38.924597+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:38.924645+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:40.707895+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":6165,"tcpseq":4053244839,"tcpack":3234254448,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:40.744110+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":6167,"tcpseq":4053245109,"tcpack":3234254994,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:40.789352+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:40.789401+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:40.886083+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":6512,"tcpseq":4053245430,"tcpack":3235666372,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:40.921779+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":6514,"tcpseq":4053245682,"tcpack":3235666917,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:40.957856+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:40.958000+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:40.976366+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":6566,"tcpseq":4053245985,"tcpack":3235949334,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:44.299910+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":6569,"tcpseq":4053246255,"tcpack":3235949878,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:44.331106+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:44.331247+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:44.369476+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":6712,"tcpseq":4053246576,"tcpack":3236509286,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:44.405338+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"192.168.8.4","src_port":64847,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":6714,"tcpseq":4053246846,"tcpack":3236509832,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:44.441606+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:44.441653+0100","flow_id":1831484910995507,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:29:48.057042+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":2,"ttl":117,"ipid":30997,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:48.073377+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":31190,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:48.165299+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":31512,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:48.365591+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":31524,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:48.765829+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":31566,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:49.565666+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":31714,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:51.164764+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":31938,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:29:54.365672+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":32023,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:30:00.766090+0100","flow_id":1831484910995507,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64847,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":13,"tcpseq":3290466243,"tcpack":4053248599,"tcpwin":8208,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:44.578926+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":19505,"tcpseq":3716815408,"tcpack":4050935013,"tcpwin":1029,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:44.814397+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":19507,"tcpseq":3716815678,"tcpack":4050935559,"tcpwin":1027,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:45.042048+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:45.102347+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:45.823639+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":20056,"tcpseq":3716815999,"tcpack":4052572729,"tcpwin":1029,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:46.056369+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":20058,"tcpseq":3716816269,"tcpack":4052573275,"tcpwin":1027,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:46.283772+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:46.344466+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:46.593588+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":20489,"tcpseq":3716816590,"tcpack":4053894541,"tcpwin":1026,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:46.824598+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":20491,"tcpseq":3716816860,"tcpack":4053895087,"tcpwin":1024,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:47.052379+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:47.110656+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:47.361716+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":20954,"tcpseq":3716817181,"tcpack":4055332065,"tcpwin":1029,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:47.599440+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":20956,"tcpseq":3716817451,"tcpack":4055332609,"tcpwin":1027,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:47.827216+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:47.886913+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:48.027105+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":21138,"tcpseq":3716817772,"tcpack":4055913521,"tcpwin":1028,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:48.261749+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":21140,"tcpseq":3716818042,"tcpack":4055914066,"tcpwin":1026,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:48.491522+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:48.551222+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:48.907190+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":21682,"tcpseq":3716818363,"tcpack":4057610627,"tcpwin":1029,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:49.139570+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":21684,"tcpseq":3716818633,"tcpack":4057611172,"tcpwin":1027,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:49.367387+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:49.426386+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:49.672143+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":22146,"tcpseq":3716818954,"tcpack":4059053269,"tcpwin":1029,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:49.906258+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":22148,"tcpseq":3716819224,"tcpack":4059053814,"tcpwin":1027,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:50.135884+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:50.195142+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:50.437442+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":22603,"tcpseq":3716819545,"tcpack":4060483111,"tcpwin":1029,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:50.670981+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":22605,"tcpseq":3716819815,"tcpack":4060483656,"tcpwin":1027,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:50.908145+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:50.967780+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:51.302721+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":23118,"tcpseq":3716820136,"tcpack":4062115193,"tcpwin":1029,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:51.558894+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"192.168.8.4","src_port":64852,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":343,"tos":2,"ttl":127,"ipid":23120,"tcpseq":3716820388,"tcpack":4062115738,"tcpwin":1027,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:34:51.788022+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:34:51.847724+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:39:52.148314+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:39:52.148362+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:39:57.841036+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:39:57.841213+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:04.462476+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:04.462502+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:12.124997+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:12.125058+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:13.426526+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:13.426771+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:19.281003+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:19.281236+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:24.873258+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:24.873298+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:27.395056+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:27.395102+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:34.256274+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:40:34.256320+0100","flow_id":673523096136988,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:24.488975+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":2,"ttl":117,"ipid":8417,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:24.502686+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":8579,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:24.597352+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":8658,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:24.797392+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":8659,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:25.197894+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":8660,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:25.997523+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":8776,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:27.598043+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":9168,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:30.797606+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":9467,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:37.196900+0100","flow_id":673523096136988,"event_type":"drop","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64852,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":117,"ipid":9601,"tcpseq":868424861,"tcpack":3717041385,"tcpwin":8210,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:40.439348+0100","flow_id":812461036178547,"event_type":"drop","src_ip":"192.168.8.4","src_port":64856,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":310,"tos":2,"ttl":127,"ipid":4357,"tcpseq":264323367,"tcpack":2793181954,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:40.538810+0100","flow_id":812461036178547,"event_type":"drop","src_ip":"192.168.8.4","src_port":64856,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":361,"tos":2,"ttl":127,"ipid":4360,"tcpseq":264323637,"tcpack":2793182498,"tcpwin":8232,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:40.588721+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:40.633486+0100","flow_id":812461036178547,"event_type":"drop","src_ip":"192.168.8.4","src_port":64856,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":292,"tos":2,"ttl":127,"ipid":4442,"tcpseq":264323958,"tcpack":2793518162,"tcpwin":8235,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T05:45:40.703048+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:41.959612+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:42.001510+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:42.537527+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:43.483797+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:43.628595+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:43.682845+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:45:43.811276+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:09.970131+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:12.931383+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:13.057865+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:13.109847+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:13.163564+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:13.299157+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:13.367637+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:13.587136+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:13.700386+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:33.080396+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:33.080442+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:33.206631+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:33.491121+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:33.638920+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:33.814422+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:34.446453+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:35.192688+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:35.537314+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:35.671354+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:35.721080+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:43.538567+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:43.538589+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:43.789858+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:43.789892+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:43.920111+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:43.920144+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:44.024362+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:44.024398+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:44.470566+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:44.470606+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:44.741818+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:44.741858+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:44.909950+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:44.909997+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:45.106122+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:45.106137+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:45.314123+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:45.314144+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:45.782139+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:45.782161+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:52.957604+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:52.957626+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:54.124355+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:54.124375+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:54.446645+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:54.446666+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:54.694175+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:54.694196+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:55.034646+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:55.034666+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:55.099096+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:55.099117+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:56.243828+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:56.244056+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:56.371104+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:56.371122+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:56.447594+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:56.447620+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:56.752815+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:46:56.752830+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:03.295652+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:03.295670+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:03.454889+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:03.454909+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:03.751581+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:03.751813+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:03.919624+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:03.919814+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:04.321608+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:04.321629+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:05.517581+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:05.517604+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:06.018364+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:06.018385+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:06.630358+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:06.630379+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:06.853583+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:06.853605+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:07.293331+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:07.293361+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:13.156364+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:13.156387+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:13.620339+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:13.620362+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:13.804385+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:13.804402+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:14.799844+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:14.799866+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:15.056199+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:15.056216+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:15.649591+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:15.649612+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:15.815595+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:15.815617+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:16.001080+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:16.001112+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:16.120108+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:16.120322+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:43.122894+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:43.122919+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:44.716669+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:44.716835+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:46.848353+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:46.848367+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:49.542118+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:49.542348+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:51.711163+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:47:51.711187+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:48:47.543402+0100","flow_id":211425472498346,"event_type":"alert","src_ip":"47.91.40.207","src_port":45538,"dest_ip":"192.168.1.2","dest_port":993,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2403325,"rev":36900,"signature":"ET CINS Active Threat Intelligence Poor Reputation IP group 26","category":"Misc Attack","severity":2}} | |
| {"timestamp":"2017-12-15T05:48:47.543402+0100","flow_id":211425472498346,"event_type":"drop","src_ip":"47.91.40.207","src_port":45538,"dest_ip":"192.168.1.2","dest_port":993,"proto":"TCP","drop":{"len":44,"tos":0,"ttl":236,"ipid":10156,"tcpseq":3301693696,"tcpack":0,"tcpwin":1024,"syn":true,"ack":false,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2403325,"rev":36900,"signature":"ET CINS Active Threat Intelligence Poor Reputation IP group 26","category":"Misc Attack","severity":2}} | |
| {"timestamp":"2017-12-15T05:49:15.041235+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:49:15.041267+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:49:17.073191+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:49:17.073213+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:49:54.711517+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:49:54.711542+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:50:36.543510+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:50:36.543529+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:50:41.376016+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T05:50:41.376289+0100","flow_id":812461036178547,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.8.4","dest_port":64856,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T06:47:00.248386+0100","flow_id":697040473737475,"event_type":"drop","src_ip":"192.168.1.2","src_port":33976,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":36672,"tcpseq":2780590680,"tcpack":165835958,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T06:47:00.384570+0100","flow_id":1242546417491203,"event_type":"drop","src_ip":"192.168.1.2","src_port":33978,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":9332,"tcpseq":2395920769,"tcpack":140065660,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T06:47:00.877010+0100","flow_id":1536551961256079,"event_type":"drop","src_ip":"192.168.1.2","src_port":33980,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":21430,"tcpseq":2470161514,"tcpack":820013217,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T06:47:00.981284+0100","flow_id":1639654798718985,"event_type":"drop","src_ip":"192.168.1.2","src_port":33982,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":42262,"tcpseq":1299555668,"tcpack":824746329,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:06:22.300354+0100","flow_id":483129703699778,"event_type":"alert","src_ip":"89.163.227.15","src_port":48999,"dest_ip":"192.168.1.2","dest_port":25,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2403373,"rev":36900,"signature":"ET CINS Active Threat Intelligence Poor Reputation IP group 74","category":"Misc Attack","severity":2}} | |
| {"timestamp":"2017-12-15T07:06:22.300354+0100","flow_id":483129703699778,"event_type":"drop","src_ip":"89.163.227.15","src_port":48999,"dest_ip":"192.168.1.2","dest_port":25,"proto":"TCP","drop":{"len":48,"tos":0,"ttl":114,"ipid":53349,"tcpseq":174971833,"tcpack":1785943086,"tcpwin":65535,"syn":true,"ack":false,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2403373,"rev":36900,"signature":"ET CINS Active Threat Intelligence Poor Reputation IP group 74","category":"Misc Attack","severity":2}} | |
| {"timestamp":"2017-12-15T07:25:51.960447+0100","flow_id":2032107588102495,"event_type":"alert","src_ip":"185.216.140.40","src_port":49103,"dest_ip":"192.168.1.2","dest_port":3000,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2023753,"rev":2,"signature":"ET SCAN MS Terminal Server Traffic on Non-standard Port","category":"Attempted Information Leak","severity":2}} | |
| {"timestamp":"2017-12-15T07:25:51.960447+0100","flow_id":2032107588102495,"event_type":"drop","src_ip":"185.216.140.40","src_port":49103,"dest_ip":"192.168.1.2","dest_port":3000,"proto":"TCP","drop":{"len":82,"tos":0,"ttl":116,"ipid":1356,"tcpseq":3864472424,"tcpack":3315654374,"tcpwin":260,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2023753,"rev":2,"signature":"ET SCAN MS Terminal Server Traffic on Non-standard Port","category":"Attempted Information Leak","severity":2}} | |
| {"timestamp":"2017-12-15T07:26:21.956831+0100","flow_id":2032107588102495,"event_type":"drop","src_ip":"192.168.1.2","src_port":3000,"dest_ip":"185.216.140.40","dest_port":49103,"proto":"TCP","drop":{"len":108,"tos":0,"ttl":64,"ipid":20297,"tcpseq":3315654374,"tcpack":3864472424,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:30:24.084918+0100","flow_id":940969016990022,"event_type":"alert","src_ip":"185.216.140.40","src_port":58796,"dest_ip":"192.168.8.5","dest_port":8000,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2023753,"rev":2,"signature":"ET SCAN MS Terminal Server Traffic on Non-standard Port","category":"Attempted Information Leak","severity":2}} | |
| {"timestamp":"2017-12-15T07:30:24.084918+0100","flow_id":940969016990022,"event_type":"drop","src_ip":"185.216.140.40","src_port":58796,"dest_ip":"192.168.8.5","dest_port":8000,"proto":"TCP","drop":{"len":82,"tos":2,"ttl":115,"ipid":18714,"tcpseq":3895249429,"tcpack":541815029,"tcpwin":260,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2023753,"rev":2,"signature":"ET SCAN MS Terminal Server Traffic on Non-standard Port","category":"Attempted Information Leak","severity":2}} | |
| {"timestamp":"2017-12-15T07:36:23.521059+0100","flow_id":617427006648873,"event_type":"alert","src_ip":"192.168.1.2","src_port":41346,"dest_ip":"104.106.117.189","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"blocked","gid":1,"signature_id":2009005,"rev":10,"signature":"ET MALWARE Simbar Spyware User-Agent Detected","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"armmf.adobe.com","url":"\/arm-manifests\/win\/Upgrade\/1040\/LatestReader11UpgradeManifest.msi","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\/4.0; BTRS124349; SIMBAR={F96CE668-AFB0-43FA-81F8-B49FE95D854F}; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)","xff":"192.168.8.98","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T07:36:23.521059+0100","flow_id":617427006648873,"event_type":"drop","src_ip":"192.168.1.2","src_port":41346,"dest_ip":"104.106.117.189","dest_port":80,"proto":"TCP","drop":{"len":543,"tos":0,"ttl":64,"ipid":24764,"tcpseq":2861585418,"tcpack":2306644230,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":0,"alert":{"action":"blocked","gid":1,"signature_id":2009005,"rev":10,"signature":"ET MALWARE Simbar Spyware User-Agent Detected","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T07:36:23.728790+0100","flow_id":617427006648873,"event_type":"drop","src_ip":"192.168.1.2","src_port":41346,"dest_ip":"104.106.117.189","dest_port":80,"proto":"TCP","drop":{"len":543,"tos":0,"ttl":64,"ipid":24765,"tcpseq":2861585418,"tcpack":2306644230,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:36:56.425134+0100","flow_id":295931526806408,"event_type":"alert","src_ip":"192.168.1.2","src_port":50174,"dest_ip":"52.16.249.96","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"blocked","gid":1,"signature_id":2009005,"rev":10,"signature":"ET MALWARE Simbar Spyware User-Agent Detected","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"www.sweetim.com","url":"\/autoupdate\/u.asp","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident\/4.0; BTRS124349; SIMBAR={F96CE668-AFB0-43FA-81F8-B49FE95D854F}; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C)","xff":"192.168.8.98","http_method":"POST","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T07:36:56.425134+0100","flow_id":295931526806408,"event_type":"drop","src_ip":"192.168.1.2","src_port":50174,"dest_ip":"52.16.249.96","dest_port":80,"proto":"TCP","drop":{"len":528,"tos":0,"ttl":64,"ipid":64626,"tcpseq":820398443,"tcpack":4219614168,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":0,"alert":{"action":"blocked","gid":1,"signature_id":2009005,"rev":10,"signature":"ET MALWARE Simbar Spyware User-Agent Detected","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T07:36:56.425502+0100","flow_id":295931526806408,"event_type":"drop","src_ip":"192.168.1.2","src_port":50174,"dest_ip":"52.16.249.96","dest_port":80,"proto":"TCP","drop":{"len":804,"tos":0,"ttl":64,"ipid":64627,"tcpseq":820398919,"tcpack":4219614168,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:41:03.375329+0100","flow_id":1272965735872752,"event_type":"alert","src_ip":"95.100.86.9","src_port":443,"dest_ip":"192.168.1.2","dest_port":48128,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2019416,"rev":3,"signature":"ET POLICY SSLv3 outbound connection from client vulnerable to POODLE attack","category":"Potential Corporate Privacy Violation","severity":1},"tls":{"version":"SSLv3"}} | |
| {"timestamp":"2017-12-15T07:41:12.378054+0100","flow_id":1197627715142540,"event_type":"drop","src_ip":"192.168.1.2","src_port":35722,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":43266,"tcpseq":80294924,"tcpack":141206514,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:41:12.543015+0100","flow_id":1352875750475734,"event_type":"drop","src_ip":"192.168.1.2","src_port":35724,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":45466,"tcpseq":1953770537,"tcpack":148514583,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:41:14.806047+0100","flow_id":539471221771110,"event_type":"drop","src_ip":"192.168.1.2","src_port":35726,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":51965,"tcpseq":1495231614,"tcpack":820970267,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:41:14.885961+0100","flow_id":248912389243823,"event_type":"drop","src_ip":"192.168.1.2","src_port":35728,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":33772,"tcpseq":3383239998,"tcpack":833644945,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:45:28.880512+0100","flow_id":1993987683020672,"event_type":"alert","src_ip":"104.236.167.211","src_port":40861,"dest_ip":"192.168.1.2","dest_port":2222,"proto":"TCP","alert":{"action":"blocked","gid":1,"signature_id":2403393,"rev":36900,"signature":"ET CINS Active Threat Intelligence Poor Reputation IP group 94","category":"Misc Attack","severity":2}} | |
| {"timestamp":"2017-12-15T07:45:28.880512+0100","flow_id":1993987683020672,"event_type":"drop","src_ip":"104.236.167.211","src_port":40861,"dest_ip":"192.168.1.2","dest_port":2222,"proto":"TCP","drop":{"len":44,"tos":0,"ttl":244,"ipid":54321,"tcpseq":669897070,"tcpack":0,"tcpwin":65535,"syn":true,"ack":false,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2403393,"rev":36900,"signature":"ET CINS Active Threat Intelligence Poor Reputation IP group 94","category":"Misc Attack","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:27.765911+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62807,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:27.774038+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62826,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:27.994083+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62827,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:28.213524+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62828,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:28.449872+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62829,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:28.702775+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62830,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:29.021801+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62831,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:29.580557+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62832,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:30.678507+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62833,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:33.407517+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62834,"tcpseq":3943143710,"tcpack":1784408774,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:37.815722+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62836,"tcpseq":3943143710,"tcpack":1784408775,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:52:46.423910+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62837,"tcpseq":3943143710,"tcpack":1784408775,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:53:03.448368+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62838,"tcpseq":3943143710,"tcpack":1784408775,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:53:37.241621+0100","flow_id":413216407270652,"event_type":"drop","src_ip":"88.221.145.139","src_port":80,"dest_ip":"192.168.1.2","dest_port":42026,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":62839,"tcpseq":3943143710,"tcpack":1784408775,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:54:17.779631+0100","flow_id":368658276270935,"event_type":"drop","src_ip":"192.168.9.96","src_port":49752,"dest_ip":"216.58.205.46","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":29595,"tcpseq":2297649299,"tcpack":786921337,"tcpwin":258,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:54:18.198144+0100","flow_id":1703171187148071,"event_type":"drop","src_ip":"192.168.1.2","src_port":56842,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":853,"tos":0,"ttl":64,"ipid":3634,"tcpseq":78877849,"tcpack":179459645,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:54:18.487600+0100","flow_id":1703171187148071,"event_type":"drop","src_ip":"192.168.1.2","src_port":56842,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":925,"tos":0,"ttl":64,"ipid":3637,"tcpseq":78878650,"tcpack":179460149,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:54:18.914806+0100","flow_id":346184857006454,"event_type":"alert","src_ip":"192.168.1.2","src_port":41172,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":5,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/045851f375c4acfe\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335258&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513320798&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=42A353606DF23C906F355F753FEA7C8454709DED.0498AF57BB30B9C2AF4DEC160C69A5394D7BF699&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.96","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T07:54:18.914806+0100","flow_id":346184857006454,"event_type":"drop","src_ip":"192.168.1.2","src_port":41172,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":54279,"tcpseq":2995794154,"tcpack":3088262768,"tcpwin":4491,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":5,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T07:54:19.133747+0100","flow_id":346184857006454,"event_type":"drop","src_ip":"192.168.1.2","src_port":41172,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":54280,"tcpseq":2995794154,"tcpack":3088262768,"tcpwin":4491,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:54:51.647133+0100","flow_id":1997887550238279,"event_type":"drop","src_ip":"192.168.9.18","src_port":61097,"dest_ip":"216.58.205.46","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":32106,"tcpseq":3550735824,"tcpack":1842570967,"tcpwin":16560,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:54:52.056720+0100","flow_id":2096012520643856,"event_type":"drop","src_ip":"192.168.1.2","src_port":57208,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":853,"tos":0,"ttl":64,"ipid":60433,"tcpseq":1506210534,"tcpack":304927487,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:54:52.320181+0100","flow_id":2096012520643856,"event_type":"drop","src_ip":"192.168.1.2","src_port":57208,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":925,"tos":0,"ttl":64,"ipid":60436,"tcpseq":1506211335,"tcpack":304927991,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T07:54:52.775104+0100","flow_id":1494459401042213,"event_type":"alert","src_ip":"192.168.1.2","src_port":44612,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0458eaf464495f29\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335291&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513320798&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=28EDD40C2540FBDCFE5843AE11A6BDC70CBA4DC5.12AB9B09648572F2F4FB1DC6A63B9CDE81757109&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.18","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T07:54:52.775104+0100","flow_id":1494459401042213,"event_type":"drop","src_ip":"192.168.1.2","src_port":44612,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":20684,"tcpseq":2780387572,"tcpack":1252827686,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":1,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T07:54:53.001703+0100","flow_id":1494459401042213,"event_type":"drop","src_ip":"192.168.1.2","src_port":44612,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":20685,"tcpseq":2780387572,"tcpack":1252827686,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:56:05.288240+0100","flow_id":67714219861372,"event_type":"alert","src_ip":"192.168.1.2","src_port":45210,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0458eaf464495f29\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335291&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513320798&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=28EDD40C2540FBDCFE5843AE11A6BDC70CBA4DC5.12AB9B09648572F2F4FB1DC6A63B9CDE81757109&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.18","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T07:56:05.288240+0100","flow_id":67714219861372,"event_type":"drop","src_ip":"192.168.1.2","src_port":45210,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":2959,"tcpseq":95958882,"tcpack":3680080589,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":0,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T07:56:05.510725+0100","flow_id":67714219861372,"event_type":"drop","src_ip":"192.168.1.2","src_port":45210,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":2960,"tcpseq":95958882,"tcpack":3680080589,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:56:15.375549+0100","flow_id":1133226881618444,"event_type":"alert","src_ip":"192.168.1.2","src_port":44584,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":5,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0458eaf464495f29\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335291&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513320798&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=28EDD40C2540FBDCFE5843AE11A6BDC70CBA4DC5.12AB9B09648572F2F4FB1DC6A63B9CDE81757109&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.18","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T07:56:15.375549+0100","flow_id":1133226881618444,"event_type":"drop","src_ip":"192.168.1.2","src_port":44584,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":8145,"tcpseq":2841319964,"tcpack":1077577930,"tcpwin":6167,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":5,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T07:56:15.597795+0100","flow_id":1133226881618444,"event_type":"drop","src_ip":"192.168.1.2","src_port":44584,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":8146,"tcpseq":2841319964,"tcpack":1077577930,"tcpwin":6167,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:56:21.809796+0100","flow_id":1516535532881744,"event_type":"alert","src_ip":"192.168.1.2","src_port":44614,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":12,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0458eaf464495f29\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335291&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513320798&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=28EDD40C2540FBDCFE5843AE11A6BDC70CBA4DC5.12AB9B09648572F2F4FB1DC6A63B9CDE81757109&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.18","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T07:56:21.809796+0100","flow_id":1516535532881744,"event_type":"drop","src_ip":"192.168.1.2","src_port":44614,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":55855,"tcpseq":1196157675,"tcpack":2312357958,"tcpwin":4997,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":12,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T07:56:22.027691+0100","flow_id":1516535532881744,"event_type":"drop","src_ip":"192.168.1.2","src_port":44614,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":55856,"tcpseq":1196157675,"tcpack":2312357958,"tcpwin":4997,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:59:19.498607+0100","flow_id":951354338905171,"event_type":"alert","src_ip":"192.168.1.2","src_port":41158,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":24,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/045851f375c4acfe\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335258&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513320798&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=42A353606DF23C906F355F753FEA7C8454709DED.0498AF57BB30B9C2AF4DEC160C69A5394D7BF699&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.96","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T07:59:19.498607+0100","flow_id":951354338905171,"event_type":"drop","src_ip":"192.168.1.2","src_port":41158,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":20514,"tcpseq":1167192847,"tcpack":3539692572,"tcpwin":5447,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":24,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T07:59:19.716762+0100","flow_id":951354338905171,"event_type":"drop","src_ip":"192.168.1.2","src_port":41158,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":20515,"tcpseq":1167192847,"tcpack":3539692572,"tcpwin":5447,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T07:59:56.620091+0100","flow_id":1007229741069792,"event_type":"drop","src_ip":"192.168.1.2","src_port":43446,"dest_ip":"88.221.145.9","dest_port":80,"proto":"TCP","drop":{"len":593,"tos":0,"ttl":64,"ipid":58542,"tcpseq":4264632372,"tcpack":2235128263,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:00:19.481243+0100","flow_id":829327902186830,"event_type":"drop","src_ip":"192.168.8.125","src_port":57905,"dest_ip":"216.58.205.46","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":4305,"tcpseq":2411286622,"tcpack":2248180232,"tcpwin":16560,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:00:19.915675+0100","flow_id":172794906408866,"event_type":"drop","src_ip":"192.168.1.2","src_port":33684,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":854,"tos":0,"ttl":64,"ipid":21428,"tcpseq":2446216240,"tcpack":2585743247,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:00:20.186280+0100","flow_id":172794906408866,"event_type":"drop","src_ip":"192.168.1.2","src_port":33684,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":926,"tos":0,"ttl":64,"ipid":21431,"tcpseq":2446217042,"tcpack":2585743751,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:00:20.653333+0100","flow_id":866258172211896,"event_type":"alert","src_ip":"192.168.1.2","src_port":48192,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":13,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/04584df971498be3\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335619&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513321159&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=71196AF1980E481798BF206A63DF5CB106A4810C.4A998D034B97349464E477545E85A1EEACC15B57&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.8.125","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:00:20.653333+0100","flow_id":866258172211896,"event_type":"drop","src_ip":"192.168.1.2","src_port":48192,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":962,"tos":0,"ttl":64,"ipid":37160,"tcpseq":2503669585,"tcpack":718033136,"tcpwin":5582,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":13,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:00:20.867786+0100","flow_id":866258172211896,"event_type":"drop","src_ip":"192.168.1.2","src_port":48192,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":962,"tos":0,"ttl":64,"ipid":37161,"tcpseq":2503669585,"tcpack":718033136,"tcpwin":5582,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:01:46.540695+0100","flow_id":754022098801428,"event_type":"drop","src_ip":"192.168.8.139","src_port":52439,"dest_ip":"216.58.205.46","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":15153,"tcpseq":2383847374,"tcpack":2791576688,"tcpwin":16560,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:01:46.952540+0100","flow_id":1025051715078277,"event_type":"drop","src_ip":"192.168.1.2","src_port":34548,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":854,"tos":0,"ttl":64,"ipid":40923,"tcpseq":2564287556,"tcpack":4072961849,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:01:47.313953+0100","flow_id":1025051715078277,"event_type":"drop","src_ip":"192.168.1.2","src_port":34548,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":926,"tos":0,"ttl":64,"ipid":40926,"tcpseq":2564288358,"tcpack":4072962353,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:01:47.802983+0100","flow_id":2030505706621541,"event_type":"alert","src_ip":"192.168.1.2","src_port":50248,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0458defa2b9ea640\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335706&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513321220&mv=m&nh=EAE&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=2FD4032E8770225EA9A0F5047D895AFAB64EF62A.65FAAD6D199EFB65C5D318964443551E6D5C2980&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.8.139","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:01:47.802983+0100","flow_id":2030505706621541,"event_type":"drop","src_ip":"192.168.1.2","src_port":50248,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":962,"tos":0,"ttl":64,"ipid":35865,"tcpseq":3035429857,"tcpack":2489018341,"tcpwin":2162,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":1,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:01:48.011692+0100","flow_id":2030505706621541,"event_type":"drop","src_ip":"192.168.1.2","src_port":50248,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":962,"tos":0,"ttl":64,"ipid":35866,"tcpseq":3035429857,"tcpack":2489018341,"tcpwin":2162,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:02:46.046024+0100","flow_id":114634616373691,"event_type":"drop","src_ip":"192.168.8.63","src_port":49893,"dest_ip":"216.58.205.46","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":1178,"tcpseq":4179589656,"tcpack":218160102,"tcpwin":258,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:02:46.308725+0100","flow_id":1768983004362039,"event_type":"drop","src_ip":"192.168.1.2","src_port":36054,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":853,"tos":0,"ttl":64,"ipid":17546,"tcpseq":114499584,"tcpack":3184860865,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:02:46.649407+0100","flow_id":1768983004362039,"event_type":"drop","src_ip":"192.168.1.2","src_port":36054,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":925,"tos":0,"ttl":64,"ipid":17549,"tcpseq":114500385,"tcpack":3184861369,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:02:47.075774+0100","flow_id":474411130163229,"event_type":"alert","src_ip":"192.168.1.2","src_port":46216,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":19,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/0458d1fb1486e200\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335766&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513321284&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=3BF8406D2479696A62DB40FF907725B30BA3EB6C.42DF6A6181504AD2A9E15EC25ADE7A8013F2E6F5&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.8.63","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:02:47.075774+0100","flow_id":474411130163229,"event_type":"drop","src_ip":"192.168.1.2","src_port":46216,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":47924,"tcpseq":1988256430,"tcpack":695372985,"tcpwin":3961,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":19,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:02:47.288694+0100","flow_id":474411130163229,"event_type":"drop","src_ip":"192.168.1.2","src_port":46216,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":47925,"tcpseq":1988256430,"tcpack":695372985,"tcpwin":3961,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:02:51.682165+0100","flow_id":180231652195713,"event_type":"drop","src_ip":"192.168.9.94","src_port":55872,"dest_ip":"216.58.205.46","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":19011,"tcpseq":1034461855,"tcpack":3802273363,"tcpwin":16560,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:02:52.034160+0100","flow_id":302273147995315,"event_type":"drop","src_ip":"192.168.1.2","src_port":36178,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":853,"tos":0,"ttl":64,"ipid":22800,"tcpseq":1880172763,"tcpack":538683631,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:02:52.348604+0100","flow_id":302273147995315,"event_type":"drop","src_ip":"192.168.1.2","src_port":36178,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":925,"tos":0,"ttl":64,"ipid":22803,"tcpseq":1880173564,"tcpack":538684135,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:02:52.787499+0100","flow_id":23070204770764,"event_type":"alert","src_ip":"192.168.1.2","src_port":47440,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":21,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/045831fbc89c7443\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335772&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513321284&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=6AE0D58C43659BD2D24145A98392338FF0E3A9F2.34EC77D5B00618497DE4EB09FD47E536242E0113&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.94","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:02:52.787499+0100","flow_id":23070204770764,"event_type":"drop","src_ip":"192.168.1.2","src_port":47440,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":33439,"tcpseq":35208444,"tcpack":4134065797,"tcpwin":4299,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":21,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:02:53.101735+0100","flow_id":23070204770764,"event_type":"drop","src_ip":"192.168.1.2","src_port":47440,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":33440,"tcpseq":35208444,"tcpack":4134065797,"tcpwin":4299,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:03:16.134407+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63389,"tcpseq":4151818043,"tcpack":242542481,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:16.446563+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63392,"tcpseq":4151818643,"tcpack":242543264,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:16.758318+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63397,"tcpseq":4151819243,"tcpack":242544047,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:17.093045+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63400,"tcpseq":4151819843,"tcpack":242544830,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:17.407642+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63403,"tcpseq":4151820443,"tcpack":242545613,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:17.736710+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63406,"tcpseq":4151821043,"tcpack":242546396,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:18.050946+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63409,"tcpseq":4151821643,"tcpack":242547179,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:18.375453+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63412,"tcpseq":4151822243,"tcpack":242547962,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:18.698430+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63415,"tcpseq":4151822843,"tcpack":242548745,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:19.011358+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63418,"tcpseq":4151823443,"tcpack":242549528,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:19.324155+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63421,"tcpseq":4151824043,"tcpack":242550311,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:19.637726+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63424,"tcpseq":4151824643,"tcpack":242551094,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:19.949610+0100","flow_id":10369991428286,"event_type":"drop","src_ip":"192.168.1.2","src_port":36400,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":347,"tos":0,"ttl":64,"ipid":63427,"tcpseq":4151825243,"tcpack":242551877,"tcpwin":3551,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:28.386308+0100","flow_id":1588551431013222,"event_type":"drop","src_ip":"192.168.9.196","src_port":65016,"dest_ip":"216.58.205.46","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":2279,"tcpseq":3630177934,"tcpack":2138614112,"tcpwin":258,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:28.731810+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":854,"tos":0,"ttl":64,"ipid":9199,"tcpseq":3640861377,"tcpack":3477921573,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:29.062548+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":926,"tos":0,"ttl":64,"ipid":9202,"tcpseq":3640862179,"tcpack":3477922077,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:29.489513+0100","flow_id":1127768012106128,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":36898,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:29.489517+0100","flow_id":1127768012106128,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":36898,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:31.504370+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":9206,"tcpseq":3640863053,"tcpack":3477923748,"tcpwin":282,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:31.722580+0100","flow_id":1127768012106128,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":36898,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:03:32.894736+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":9209,"tcpseq":3640863930,"tcpack":3477925136,"tcpwin":304,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:34.908030+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":9214,"tcpseq":3640864807,"tcpack":3477928668,"tcpwin":372,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:35.903666+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":9220,"tcpseq":3640865684,"tcpack":3477933257,"tcpwin":462,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:36.847957+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":9231,"tcpseq":3640866562,"tcpack":3477945013,"tcpwin":664,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:37.957853+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":9251,"tcpseq":3640867441,"tcpack":3477969476,"tcpwin":1047,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:38.825270+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":9284,"tcpseq":3640868320,"tcpack":3478013106,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:39.812720+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":9332,"tcpseq":3640869200,"tcpack":3478112116,"tcpwin":1604,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:40.750424+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":9459,"tcpseq":3640870081,"tcpack":3478312781,"tcpwin":3737,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:42.053511+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":9684,"tcpseq":3640870962,"tcpack":3478715770,"tcpwin":7135,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:42.777546+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":10054,"tcpseq":3640871844,"tcpack":3479336884,"tcpwin":9182,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:44.079440+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":10670,"tcpseq":3640872727,"tcpack":3480960725,"tcpwin":11072,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:44.904145+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":11550,"tcpseq":3640873610,"tcpack":3483464415,"tcpwin":11072,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:45.895656+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":13566,"tcpseq":3640874494,"tcpack":3489511179,"tcpwin":11072,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:03:47.199035+0100","flow_id":1127768012106128,"event_type":"drop","src_ip":"192.168.1.2","src_port":36898,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":17607,"tcpseq":3640875379,"tcpack":3501317146,"tcpwin":11072,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:04:22.887782+0100","flow_id":1196981413645045,"event_type":"drop","src_ip":"192.168.1.2","src_port":59352,"dest_ip":"54.246.209.93","dest_port":80,"proto":"TCP","drop":{"len":545,"tos":0,"ttl":64,"ipid":60249,"tcpseq":562053071,"tcpack":1249414648,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:04:49.150718+0100","flow_id":1179582502882337,"event_type":"drop","src_ip":"192.168.1.2","src_port":52062,"dest_ip":"2.23.83.13","dest_port":80,"proto":"TCP","drop":{"len":573,"tos":0,"ttl":64,"ipid":28071,"tcpseq":1004361461,"tcpack":2828115994,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:05:00.625343+0100","flow_id":1892197034920392,"event_type":"drop","src_ip":"192.168.1.2","src_port":37798,"dest_ip":"88.221.145.19","dest_port":80,"proto":"TCP","drop":{"len":595,"tos":0,"ttl":64,"ipid":44872,"tcpseq":2234107750,"tcpack":1586491044,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:05:06.724006+0100","flow_id":124433593309466,"event_type":"drop","src_ip":"192.168.1.2","src_port":38500,"dest_ip":"193.45.6.10","dest_port":80,"proto":"TCP","drop":{"len":349,"tos":0,"ttl":64,"ipid":23565,"tcpseq":3860878781,"tcpack":3088967393,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2022317,"rev":2,"signature":"ET TROJAN Zbot download config - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:05:19.530319+0100","flow_id":2235961915399124,"event_type":"alert","src_ip":"192.168.1.2","src_port":49334,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":19,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/045851f375c4acfe\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335258&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513320798&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=42A353606DF23C906F355F753FEA7C8454709DED.0498AF57BB30B9C2AF4DEC160C69A5394D7BF699&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.96","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:05:19.530319+0100","flow_id":2235961915399124,"event_type":"drop","src_ip":"192.168.1.2","src_port":49334,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":6797,"tcpseq":2939772961,"tcpack":2875058750,"tcpwin":6032,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":19,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:05:19.746791+0100","flow_id":2235961915399124,"event_type":"drop","src_ip":"192.168.1.2","src_port":49334,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":6798,"tcpseq":2939772961,"tcpack":2875058750,"tcpwin":6032,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:05:31.718993+0100","flow_id":2101480055887636,"event_type":"drop","src_ip":"192.168.9.17","src_port":49970,"dest_ip":"172.217.23.110","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":18314,"tcpseq":3781937045,"tcpack":612661285,"tcpwin":258,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:32.059980+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":853,"tos":0,"ttl":64,"ipid":51936,"tcpseq":1999251508,"tcpack":2517261738,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:32.417205+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":925,"tos":0,"ttl":64,"ipid":51939,"tcpseq":1999252309,"tcpack":2517262242,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:32.844882+0100","flow_id":1693082353199390,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":39238,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:05:32.844914+0100","flow_id":1693082353199390,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":39238,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:05:37.842075+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":51943,"tcpseq":1999253182,"tcpack":2517263913,"tcpwin":282,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:38.062068+0100","flow_id":1693082353199390,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":39238,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:05:43.430031+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":51946,"tcpseq":1999254058,"tcpack":2517264484,"tcpwin":304,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:43.857754+0100","flow_id":1693082353199390,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":39238,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:05:44.446119+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":51949,"tcpseq":1999254934,"tcpack":2517265108,"tcpwin":327,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:46.445080+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":51953,"tcpseq":1999255810,"tcpack":2517267321,"tcpwin":372,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:47.445180+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":51956,"tcpseq":1999256686,"tcpack":2517268061,"tcpwin":394,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:48.444954+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":51959,"tcpseq":1999257562,"tcpack":2517269241,"tcpwin":417,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:50.781326+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":51966,"tcpseq":1999258438,"tcpack":2517275715,"tcpwin":529,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:52.779334+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":51977,"tcpseq":1999259315,"tcpack":2517287471,"tcpwin":732,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:53.240746+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":51988,"tcpseq":1999260193,"tcpack":2517299228,"tcpwin":934,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:54.069642+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":52007,"tcpseq":1999261071,"tcpack":2517347546,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:55.178406+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":52041,"tcpseq":1999261950,"tcpack":2517463469,"tcpwin":1942,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:56.163347+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":52116,"tcpseq":1999262830,"tcpack":2517672079,"tcpwin":3467,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:57.053240+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":52368,"tcpseq":1999263710,"tcpack":2518095075,"tcpwin":7765,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:58.084582+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":52809,"tcpseq":1999264591,"tcpack":2519044930,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:05:59.069568+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":53459,"tcpseq":1999265473,"tcpack":2520886994,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:00.132248+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":54768,"tcpseq":1999266355,"tcpack":2524626645,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:01.177361+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":57224,"tcpseq":1999267238,"tcpack":2531668805,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:02.646248+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":61623,"tcpseq":1999268122,"tcpack":2544080831,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:16.523220+0100","flow_id":1871832452487913,"event_type":"drop","src_ip":"192.168.8.77","src_port":49751,"dest_ip":"172.217.23.110","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":15073,"tcpseq":2869752518,"tcpack":750954180,"tcpwin":258,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:16.857687+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":853,"tos":0,"ttl":64,"ipid":62036,"tcpseq":1999269006,"tcpack":2545241458,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:17.250699+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":925,"tos":0,"ttl":64,"ipid":62039,"tcpseq":1999269807,"tcpack":2545241962,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:17.680243+0100","flow_id":1693082353199390,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":39238,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:06:17.680259+0100","flow_id":1693082353199390,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":39238,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:06:20.675732+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":62043,"tcpseq":1999270680,"tcpack":2545243633,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:20.895065+0100","flow_id":1693082353199390,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":39238,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:06:22.231461+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":62046,"tcpseq":1999271556,"tcpack":2545244310,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:23.241082+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":62050,"tcpseq":1999272432,"tcpack":2545246982,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:24.240657+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":62055,"tcpseq":1999273308,"tcpack":2545250943,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:25.242464+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":62065,"tcpseq":1999274185,"tcpack":2545261490,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:26.289832+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":62082,"tcpseq":1999275063,"tcpack":2545281716,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:27.149400+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":62106,"tcpseq":1999275941,"tcpack":2545319845,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:28.149467+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":62151,"tcpseq":1999276820,"tcpack":2545407881,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:30.197708+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":62223,"tcpseq":1999277700,"tcpack":2545583397,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:30.805404+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":62285,"tcpseq":1999278580,"tcpack":2545754895,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:31.601935+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":62482,"tcpseq":1999279461,"tcpack":2546315908,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:32.649584+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":62974,"tcpseq":1999280343,"tcpack":2547724641,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:33.680565+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":63919,"tcpseq":1999281225,"tcpack":2550415118,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:34.745785+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":204,"tcpseq":1999282108,"tcpack":2555628693,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:06:35.945113+0100","flow_id":1693082353199390,"event_type":"drop","src_ip":"192.168.1.2","src_port":39238,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":3623,"tcpseq":1999282992,"tcpack":2565446604,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:07:04.591423+0100","flow_id":1541457128719836,"event_type":"drop","src_ip":"192.168.1.2","src_port":42908,"dest_ip":"69.163.185.139","dest_port":80,"proto":"TCP","drop":{"len":567,"tos":0,"ttl":64,"ipid":43243,"tcpseq":450880350,"tcpack":2540567321,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:07:09.266722+0100","flow_id":535159176499586,"event_type":"drop","src_ip":"192.168.1.2","src_port":43686,"dest_ip":"81.188.97.153","dest_port":80,"proto":"TCP","drop":{"len":550,"tos":0,"ttl":64,"ipid":30381,"tcpseq":3439470637,"tcpack":125570013,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:07:49.995070+0100","flow_id":2145993100552346,"event_type":"alert","src_ip":"192.168.1.2","src_port":53364,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":9,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/0458d1fb1486e200\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335766&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513321284&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=3BF8406D2479696A62DB40FF907725B30BA3EB6C.42DF6A6181504AD2A9E15EC25ADE7A8013F2E6F5&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.8.63","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:07:49.995070+0100","flow_id":2145993100552346,"event_type":"drop","src_ip":"192.168.1.2","src_port":53364,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":17226,"tcpseq":1856541829,"tcpack":1830728979,"tcpwin":4682,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":9,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:07:50.697800+0100","flow_id":2145993100552346,"event_type":"drop","src_ip":"192.168.1.2","src_port":53364,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":17227,"tcpseq":1856541829,"tcpack":1830728979,"tcpwin":4682,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:07:53.430218+0100","flow_id":1752859711468835,"event_type":"alert","src_ip":"192.168.1.2","src_port":53358,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":15,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/045831fbc89c7443\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335772&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513321284&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=6AE0D58C43659BD2D24145A98392338FF0E3A9F2.34EC77D5B00618497DE4EB09FD47E536242E0113&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.94","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:07:53.430218+0100","flow_id":1752859711468835,"event_type":"drop","src_ip":"192.168.1.2","src_port":53358,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":16551,"tcpseq":2883566871,"tcpack":1318727040,"tcpwin":8552,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":15,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:07:53.647739+0100","flow_id":1752859711468835,"event_type":"drop","src_ip":"192.168.1.2","src_port":53358,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":16552,"tcpseq":2883566871,"tcpack":1318727040,"tcpwin":8552,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:08:00.651485+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":861,"tos":0,"ttl":64,"ipid":54460,"tcpseq":1980625912,"tcpack":4236959662,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:00.730674+0100","flow_id":932566052695483,"event_type":"alert","src_ip":"192.168.1.2","src_port":55214,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":10,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0454abf6440f5490\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513268021&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513253540&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=10A0C832B3291F0FC70892407673417EB66743FE.11193E9ED5D234ACCB445D496769A180D05B5FD8&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.139","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:08:00.730674+0100","flow_id":932566052695483,"event_type":"drop","src_ip":"192.168.1.2","src_port":55214,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":890,"tos":0,"ttl":64,"ipid":53512,"tcpseq":4223268445,"tcpack":558654255,"tcpwin":3872,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":10,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:08:00.955694+0100","flow_id":932566052695483,"event_type":"drop","src_ip":"192.168.1.2","src_port":55214,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":890,"tos":0,"ttl":64,"ipid":53513,"tcpseq":4223268445,"tcpack":558654255,"tcpwin":3872,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:08:01.146166+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":54463,"tcpseq":1980626721,"tcpack":4236960166,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:01.629327+0100","flow_id":652435409399894,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":42738,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:01.629331+0100","flow_id":652435409399894,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":42738,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:06.582288+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":54467,"tcpseq":1980627602,"tcpack":4236961837,"tcpwin":282,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:06.816546+0100","flow_id":652435409399894,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":42738,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:09.094023+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":54471,"tcpseq":1980628486,"tcpack":4236964226,"tcpwin":327,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:11.594529+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":54477,"tcpseq":1980629370,"tcpack":4236968919,"tcpwin":417,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:12.844049+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":938,"tos":0,"ttl":64,"ipid":54488,"tcpseq":1980630255,"tcpack":4236981696,"tcpwin":619,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:14.093285+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":938,"tos":0,"ttl":64,"ipid":54504,"tcpseq":1980631141,"tcpack":4237001791,"tcpwin":934,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:15.359631+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":939,"tos":0,"ttl":64,"ipid":54517,"tcpseq":1980632027,"tcpack":4237016536,"tcpwin":1182,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:16.624663+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":940,"tos":0,"ttl":64,"ipid":54581,"tcpseq":1980632914,"tcpack":4237116914,"tcpwin":2032,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:17.907090+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":940,"tos":0,"ttl":64,"ipid":54644,"tcpseq":1980633802,"tcpack":4237252347,"tcpwin":2252,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:19.188597+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":941,"tos":0,"ttl":64,"ipid":54873,"tcpseq":1980634690,"tcpack":4237659849,"tcpwin":5762,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:20.483829+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":942,"tos":0,"ttl":64,"ipid":55160,"tcpseq":1980635579,"tcpack":4238236075,"tcpwin":9205,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:21.796976+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":942,"tos":0,"ttl":64,"ipid":55980,"tcpseq":1980636469,"tcpack":4239872376,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:23.219766+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":943,"tos":0,"ttl":64,"ipid":57128,"tcpseq":1980637359,"tcpack":4243147076,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:24.704080+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":944,"tos":0,"ttl":64,"ipid":59413,"tcpseq":1980638250,"tcpack":4249698574,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:26.172369+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":944,"tos":0,"ttl":64,"ipid":63514,"tcpseq":1980639142,"tcpack":4261479014,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:27.155583+0100","flow_id":1867142356742471,"event_type":"drop","src_ip":"192.168.8.135","src_port":50015,"dest_ip":"172.217.23.110","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":12034,"tcpseq":2870996023,"tcpack":2231587132,"tcpwin":16560,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:27.454664+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":854,"tos":0,"ttl":64,"ipid":64725,"tcpseq":1980640034,"tcpack":4264937171,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:27.745760+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":64728,"tcpseq":1980640836,"tcpack":4264937675,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:28.201000+0100","flow_id":652435409399894,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":42738,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:28.201052+0100","flow_id":652435409399894,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":42738,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:30.298702+0100","flow_id":652435409399894,"event_type":"drop","src_ip":"192.168.1.2","src_port":42738,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":5554,"tcpseq":1980641714,"tcpack":4283229920,"tcpwin":12310,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:38.350203+0100","flow_id":336327966349169,"event_type":"drop","src_ip":"192.168.1.2","src_port":40572,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":492,"tos":0,"ttl":64,"ipid":53908,"tcpseq":3063179269,"tcpack":3728155466,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:38.351487+0100","flow_id":1879546223024413,"event_type":"drop","src_ip":"192.168.1.2","src_port":40574,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":492,"tos":0,"ttl":64,"ipid":60849,"tcpseq":1488475960,"tcpack":2509706042,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:38.386329+0100","flow_id":1254922686751872,"event_type":"drop","src_ip":"192.168.1.2","src_port":41280,"dest_ip":"95.141.32.8","dest_port":80,"proto":"TCP","drop":{"len":541,"tos":0,"ttl":64,"ipid":24768,"tcpseq":1807669766,"tcpack":3933970395,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:38.591280+0100","flow_id":336327966349169,"event_type":"drop","src_ip":"192.168.1.2","src_port":40572,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":515,"tos":0,"ttl":64,"ipid":53911,"tcpseq":3063179709,"tcpack":3728156010,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:38.591443+0100","flow_id":1879546223024413,"event_type":"drop","src_ip":"192.168.1.2","src_port":40574,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":521,"tos":0,"ttl":64,"ipid":60852,"tcpseq":1488476400,"tcpack":2509706586,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:39.037069+0100","flow_id":336327966349169,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":40572,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:39.037259+0100","flow_id":336327966349169,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":40572,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:39.037885+0100","flow_id":44605195152295,"event_type":"alert","src_ip":"192.168.1.2","src_port":55444,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":13,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.114","url":"\/data\/0259220075e4e3d7\/7.au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_delta_patch_1.259.284.0_a6277d74042bdb6d985fe4a87ebbecf3ff72b6c0.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.196","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:08:39.037885+0100","flow_id":44605195152295,"event_type":"drop","src_ip":"192.168.1.2","src_port":55444,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":551,"tos":0,"ttl":64,"ipid":53812,"tcpseq":324385563,"tcpack":3250981079,"tcpwin":6122,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:08:39.049576+0100","flow_id":336327966349169,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":40572,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:08:39.254695+0100","flow_id":44605195152295,"event_type":"drop","src_ip":"192.168.1.2","src_port":55444,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":551,"tos":0,"ttl":64,"ipid":53813,"tcpseq":324385563,"tcpack":3250981079,"tcpwin":6122,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:09:12.831827+0100","flow_id":336327966349169,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":40572,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:09:19.537884+0100","flow_id":1715699665799847,"event_type":"drop","src_ip":"192.168.9.96","src_port":50160,"dest_ip":"172.217.23.110","dest_port":80,"proto":"TCP","drop":{"len":452,"tos":0,"ttl":127,"ipid":21393,"tcpseq":1633648315,"tcpack":4174233377,"tcpwin":258,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:19.880874+0100","flow_id":1997921960293657,"event_type":"alert","src_ip":"192.168.1.2","src_port":57854,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":12,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.106","url":"\/data\/055996019b84704c\/redirector.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe","http_user_agent":"Google Update\/1.3.33.7;winhttp","xff":"192.168.9.96","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:09:19.880874+0100","flow_id":1997921960293657,"event_type":"drop","src_ip":"192.168.1.2","src_port":57854,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":576,"tos":0,"ttl":64,"ipid":21644,"tcpseq":1631562698,"tcpack":1989539322,"tcpwin":6437,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:20.154696+0100","flow_id":1997921960293657,"event_type":"drop","src_ip":"192.168.1.2","src_port":57854,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":576,"tos":0,"ttl":64,"ipid":21645,"tcpseq":1631562698,"tcpack":1989539322,"tcpwin":6437,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:09:28.748448+0100","flow_id":1382758090799839,"event_type":"alert","src_ip":"192.168.1.2","src_port":58314,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":7,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0454abf6440f5490\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513268021&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513253540&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=10A0C832B3291F0FC70892407673417EB66743FE.11193E9ED5D234ACCB445D496769A180D05B5FD8&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.139","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:09:28.748448+0100","flow_id":1382758090799839,"event_type":"drop","src_ip":"192.168.1.2","src_port":58314,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":890,"tos":0,"ttl":64,"ipid":15580,"tcpseq":4110622539,"tcpack":3751993585,"tcpwin":2398,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":7,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:09:28.979734+0100","flow_id":1382758090799839,"event_type":"drop","src_ip":"192.168.1.2","src_port":58314,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":890,"tos":0,"ttl":64,"ipid":15581,"tcpseq":4110622539,"tcpack":3751993585,"tcpwin":2398,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:09:44.870224+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53499,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:44.878276+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53539,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:45.125832+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53540,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:45.373816+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53541,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:45.666893+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53542,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:46.004038+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53543,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:46.520075+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53544,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:47.628502+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53545,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:50.324816+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53546,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:50.553649+0100","flow_id":1325327942871116,"event_type":"drop","src_ip":"192.168.9.96","src_port":50162,"dest_ip":"172.217.23.78","dest_port":80,"proto":"TCP","drop":{"len":438,"tos":0,"ttl":127,"ipid":30641,"tcpseq":2322789581,"tcpack":2879455631,"tcpwin":258,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:51.115917+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":860,"tos":0,"ttl":64,"ipid":29331,"tcpseq":67937371,"tcpack":1978246789,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:51.432441+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":29334,"tcpseq":67938179,"tcpack":1978247293,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:51.912288+0100","flow_id":2000447409734569,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":45872,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:09:51.912295+0100","flow_id":2000447409734569,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":45872,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:09:56.874510+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":29338,"tcpseq":67939059,"tcpack":1978248964,"tcpwin":282,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:57.110306+0100","flow_id":2000447409734569,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":45872,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:09:57.341759+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53547,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:58.140525+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":29342,"tcpseq":67939942,"tcpack":1978251642,"tcpwin":327,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:59.141445+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":29346,"tcpseq":67940825,"tcpack":1978253549,"tcpwin":372,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:59.270710+0100","flow_id":60805819605205,"event_type":"drop","src_ip":"192.168.1.2","src_port":56988,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":44498,"tcpseq":591158121,"tcpack":141091903,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:59.374239+0100","flow_id":1288689724929305,"event_type":"drop","src_ip":"192.168.1.2","src_port":56996,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":55311,"tcpseq":255405843,"tcpack":158783525,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:59.575674+0100","flow_id":611972530292805,"event_type":"drop","src_ip":"192.168.1.2","src_port":57004,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":39142,"tcpseq":1539010318,"tcpack":832117415,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:09:59.659382+0100","flow_id":1088076097458013,"event_type":"drop","src_ip":"192.168.1.2","src_port":57006,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":9072,"tcpseq":1002625875,"tcpack":138148224,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:07.215617+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":29351,"tcpseq":67941708,"tcpack":1978257006,"tcpwin":439,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:08.894810+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53548,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:10.227429+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":29354,"tcpseq":67942591,"tcpack":1978258080,"tcpwin":462,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:10.641127+0100","flow_id":1854680515901689,"event_type":"drop","src_ip":"192.168.9.37","src_port":51777,"dest_ip":"172.217.23.78","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":30750,"tcpseq":1175408108,"tcpack":4219643694,"tcpwin":258,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:10.917427+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":853,"tos":0,"ttl":64,"ipid":29362,"tcpseq":67943475,"tcpack":1978265610,"tcpwin":597,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:11.429431+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":925,"tos":0,"ttl":64,"ipid":29365,"tcpseq":67944276,"tcpack":1978266114,"tcpwin":619,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:11.655872+0100","flow_id":2000447409734569,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":45872,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:10:11.655883+0100","flow_id":2000447409734569,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":45872,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:10:12.239322+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":29369,"tcpseq":67945149,"tcpack":1978267785,"tcpwin":664,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:12.684748+0100","flow_id":2000447409734569,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":45872,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:10:13.039086+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":29380,"tcpseq":67946034,"tcpack":1978279542,"tcpwin":867,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:14.095984+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":938,"tos":0,"ttl":64,"ipid":29402,"tcpseq":67946919,"tcpack":1978308204,"tcpwin":1317,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:14.946975+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":939,"tos":0,"ttl":64,"ipid":29434,"tcpseq":67947805,"tcpack":1978361690,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:15.966035+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":939,"tos":0,"ttl":64,"ipid":29506,"tcpseq":67948692,"tcpack":1978487671,"tcpwin":2461,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:16.894607+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":939,"tos":0,"ttl":64,"ipid":29646,"tcpseq":67949579,"tcpack":1978731530,"tcpwin":4480,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:18.208600+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":940,"tos":0,"ttl":64,"ipid":29890,"tcpseq":67950466,"tcpack":1979192738,"tcpwin":7787,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:18.901673+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":941,"tos":0,"ttl":64,"ipid":30213,"tcpseq":67951354,"tcpack":1979895506,"tcpwin":10847,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:19.904181+0100","flow_id":2000447409734569,"event_type":"drop","src_ip":"192.168.1.2","src_port":45872,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":30932,"tcpseq":67952243,"tcpack":1981937368,"tcpwin":10847,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:19.953993+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":941,"tos":0,"ttl":64,"ipid":6028,"tcpseq":3004452879,"tcpack":1550014329,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:20.365245+0100","flow_id":1290296044065102,"event_type":"drop","src_ip":"192.168.1.2","src_port":43288,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":474,"tos":0,"ttl":64,"ipid":22788,"tcpseq":2240417820,"tcpack":2097034099,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:20.598273+0100","flow_id":1290296044065102,"event_type":"drop","src_ip":"192.168.1.2","src_port":43288,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":22791,"tcpseq":2240418242,"tcpack":2097034643,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:20.619899+0100","flow_id":1471739084960872,"event_type":"drop","src_ip":"192.168.1.2","src_port":43300,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":53076,"tcpseq":1543800144,"tcpack":1580819278,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:20.915421+0100","flow_id":2135240657825006,"event_type":"alert","src_ip":"192.168.1.2","src_port":56388,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":11,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.114","url":"\/data\/0259f2021f72f387\/7.au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_delta_b4a5f0f8cf6ea28fcf50f8476dc0f719d1c538a3.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.254","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:20.915421+0100","flow_id":2135240657825006,"event_type":"drop","src_ip":"192.168.1.2","src_port":56388,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":539,"tos":0,"ttl":64,"ipid":25110,"tcpseq":1510668015,"tcpack":3471173466,"tcpwin":9661,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:21.021363+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":942,"tos":0,"ttl":64,"ipid":7623,"tcpseq":3004453768,"tcpack":1553914221,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:21.033895+0100","flow_id":1531406908896197,"event_type":"alert","src_ip":"192.168.1.2","src_port":55496,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":13,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.114","url":"\/data\/0259370220738846\/7.au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_delta_b4a5f0f8cf6ea28fcf50f8476dc0f719d1c538a3.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.254","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:21.033895+0100","flow_id":1531406908896197,"event_type":"drop","src_ip":"192.168.1.2","src_port":55496,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":539,"tos":0,"ttl":64,"ipid":9515,"tcpseq":2946125998,"tcpack":837409940,"tcpwin":3849,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:21.156745+0100","flow_id":2135240657825006,"event_type":"drop","src_ip":"192.168.1.2","src_port":56388,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":539,"tos":0,"ttl":64,"ipid":25111,"tcpseq":1510668015,"tcpack":3471173466,"tcpwin":9661,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:10:21.257712+0100","flow_id":1531406908896197,"event_type":"drop","src_ip":"192.168.1.2","src_port":55496,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":539,"tos":0,"ttl":64,"ipid":9516,"tcpseq":2946125998,"tcpack":837409940,"tcpwin":3849,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:10:22.046079+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":943,"tos":0,"ttl":64,"ipid":10300,"tcpseq":3004454658,"tcpack":1561258154,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:23.519134+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":943,"tos":0,"ttl":64,"ipid":14938,"tcpseq":3004455549,"tcpack":1573962042,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:29.090689+0100","flow_id":1063373595042116,"event_type":"alert","src_ip":"192.168.1.2","src_port":45144,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.091609+0100","flow_id":1759181919315334,"event_type":"alert","src_ip":"192.168.1.2","src_port":45150,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.092991+0100","flow_id":1306784424094394,"event_type":"alert","src_ip":"192.168.1.2","src_port":45146,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.093456+0100","flow_id":1218501371325606,"event_type":"alert","src_ip":"192.168.1.2","src_port":45148,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.095458+0100","flow_id":1661501478106220,"event_type":"alert","src_ip":"192.168.1.2","src_port":45152,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.098014+0100","flow_id":1192826056834629,"event_type":"alert","src_ip":"192.168.1.2","src_port":45156,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.105268+0100","flow_id":2162921730054797,"event_type":"alert","src_ip":"192.168.1.2","src_port":45154,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.227055+0100","flow_id":1759181919315334,"event_type":"alert","src_ip":"192.168.1.2","src_port":45150,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.227786+0100","flow_id":1063373595042116,"event_type":"alert","src_ip":"192.168.1.2","src_port":45144,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.233279+0100","flow_id":1661501478106220,"event_type":"alert","src_ip":"192.168.1.2","src_port":45152,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.233753+0100","flow_id":1218501371325606,"event_type":"alert","src_ip":"192.168.1.2","src_port":45148,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.233792+0100","flow_id":1306784424094394,"event_type":"alert","src_ip":"192.168.1.2","src_port":45146,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.236791+0100","flow_id":1192826056834629,"event_type":"alert","src_ip":"192.168.1.2","src_port":45156,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:29.252775+0100","flow_id":2162921730054797,"event_type":"alert","src_ip":"192.168.1.2","src_port":45154,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:31.540597+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":15068,"tcpseq":3004456440,"tcpack":1574305099,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:31.873319+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53549,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:36.116833+0100","flow_id":2099781416306562,"event_type":"alert","src_ip":"192.168.1.2","src_port":48818,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/danielrichter2007\/grub-customizer\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.120088+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.127184+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.182971+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.215375+0100","flow_id":169294548453523,"event_type":"alert","src_ip":"192.168.1.2","src_port":48826,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/apache2\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.343080+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-backports\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.403242+0100","flow_id":726010356890227,"event_type":"alert","src_ip":"192.168.1.2","src_port":48838,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/php\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.546669+0100","flow_id":1883959309653772,"event_type":"alert","src_ip":"192.168.1.2","src_port":48848,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/webupd8team\/java\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.624310+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/main\/binary-i386\/by-hash\/SHA256\/95252f78dc9fbac94dba0a54ad0bfe8e2bbf183a553ca5f539d8142e21763396","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.806342+0100","flow_id":517629281052010,"event_type":"alert","src_ip":"192.168.1.2","src_port":48856,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/apache2\/ubuntu\/dists\/zesty\/main\/binary-amd64\/by-hash\/SHA256\/5c6edcedcd865f14e9490c6c072d00bda4a3dbf1b787a4640f7db0d7d7809f3e","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.878129+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/main\/binary-amd64\/by-hash\/SHA256\/e0b935a075005fe8a77234845dec53c6e0152e92774611f2d83f997948517b2a","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.883582+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/main\/binary-amd64\/by-hash\/SHA256\/6af313da1764d795e00082210e1cecd998dd8ee6124adaa483ae4117881934dc","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.958282+0100","flow_id":2104840887755228,"event_type":"alert","src_ip":"192.168.1.2","src_port":48864,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/apache2\/ubuntu\/dists\/zesty\/main\/binary-i386\/by-hash\/SHA256\/5568087393a2676508b0a288c79cb6856a2f4a3b93be1f95ede00091876e114d","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:36.966924+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/main\/binary-i386\/by-hash\/SHA256\/7a1bf42ad2484cae7a4c4b1010924799accf132113ded487ba7f80bd9a3baddc","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.021278+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/main\/dep11\/by-hash\/SHA256\/9c2b6abea37ac1053e566e248248c7acc44b89f0e76abd5d009859965de91980","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.152435+0100","flow_id":660756918776847,"event_type":"alert","src_ip":"192.168.1.2","src_port":48878,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/php\/ubuntu\/dists\/zesty\/main\/binary-amd64\/by-hash\/SHA256\/465c86d985dfcbb2bce485b23f7e7c42cd24025d9921fa6c20360579c4e6f83b","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.167183+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/main\/dep11\/by-hash\/SHA256\/90e1c192bfd0275992e31342947f579b0ef97cb9bcdf78291638c445731319c7","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.210946+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/main\/dep11\/by-hash\/SHA256\/252768b650c29bc3cc66e6853730755124d1528184a7682746bb2217f5d274b0","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.224071+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":6,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/main\/dep11\/by-hash\/SHA256\/2d8e50f82619301a656bc64cbc379daca08ea7c2b77b5b9ab6f796cad54761b1","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.273486+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":7,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/binary-i386\/by-hash\/SHA256\/33959fa010652e67ef84d0e713700a75e0d31080717e2dbd3528f1ebcfa9bb50","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.425932+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":8,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/binary-amd64\/by-hash\/SHA256\/4f93946c2019f5b6fe9a68dfe57fcf36c2c6f06b2dfc16272f9efd9835f251c3","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.556474+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":9,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/i18n\/by-hash\/SHA256\/8979473c16cedd51d15d74b3444895f342960756009c3213b0555dfdbfd5a9b4","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.566909+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/universe\/binary-i386\/by-hash\/SHA256\/f42d28762b881bd337e7ba4e91c609d4007238aa51ce08c822080d6d907b4aa0","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.569582+0100","flow_id":47044746915961,"event_type":"alert","src_ip":"192.168.1.2","src_port":48896,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/php\/ubuntu\/dists\/zesty\/main\/binary-i386\/by-hash\/SHA256\/6a06ec100bcb45889dccd575f7ce9e29d1d21d56265f8a8a9db76532d9e42b32","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.602125+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":6,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/universe\/binary-amd64\/by-hash\/SHA256\/71d04ba42ece406e68bab144f568a5a76c01570f9b659020b95d439f457ca819","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.603605+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":10,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/dep11\/by-hash\/SHA256\/863d3d438757b88aeb976c4a363a5a35ccef70ee4e9f181af1283723552579ad","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.632135+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":7,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/universe\/i18n\/by-hash\/SHA256\/f8ba7736aefe78d37a9a39a6d59cb84beb3ecc08daf1b2dbbaf96a3b743ebbdd","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.682735+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":8,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/universe\/dep11\/by-hash\/SHA256\/e9c1b485a81e9412203294497f031e8848115be3c61cc275a4ae3a5d3e4504ea","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.721031+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":11,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/dep11\/by-hash\/SHA256\/029057cff1a66929fa16490279647ec9cc471081068043dc07ef536c5a212ed5","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.833111+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":12,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/multiverse\/binary-i386\/by-hash\/SHA256\/82f401ff6f4814d13f7c230382b8951417eb225614779e52289b495e48f51310","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.867709+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":13,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/multiverse\/binary-amd64\/by-hash\/SHA256\/67cb61ce6c63a9f1d1100a7ff9d70db6812fa58b652ff13d1002e31d657cb7d9","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.904696+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":14,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/multiverse\/dep11\/by-hash\/SHA256\/91d99aa26957a803d656be9214611cd4245af20cce806766fdf8a45f9c5e98b5","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:37.940375+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":15,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-backports\/universe\/dep11\/by-hash\/SHA256\/3b8f4be14317c1e15c9725e16feb4d3098f4afd2f0fc1fd0e16036b15dc3856e","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:38.603131+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":15071,"tcpseq":3004457316,"tcpack":1574305840,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:40.543594+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":9,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/universe\/dep11\/by-hash\/SHA256\/3b7678ca7bbe1ec3324c8bcc4e0735a30227e51a69dd82780408357505bfbc96","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:41.172189+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":10,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/multiverse\/binary-amd64\/by-hash\/SHA256\/4ae687b67125b26df9d8eb67d6d0ab89f6841c1cb853c814be98b50f7ede4a15","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:41.217587+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":11,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/multiverse\/binary-i386\/by-hash\/SHA256\/aaebf16f9ab0a565b4faaf5bed0d98bd0c1c1424297cb2d0058bcd3e1492ee3b","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:41.259441+0100","flow_id":1078347999007838,"event_type":"alert","src_ip":"192.168.1.2","src_port":56338,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":12,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/multiverse\/dep11\/by-hash\/SHA256\/ed013302dd0cf419bf0c8b1caaf5fb023238c74ce18f2e6d2c3caa56b1f45a25","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.701848+0100","flow_id":2162921730054797,"event_type":"alert","src_ip":"192.168.1.2","src_port":45154,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.703987+0100","flow_id":1192826056834629,"event_type":"alert","src_ip":"192.168.1.2","src_port":45156,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.704851+0100","flow_id":1063373595042116,"event_type":"alert","src_ip":"192.168.1.2","src_port":45144,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.727691+0100","flow_id":78015756835346,"event_type":"alert","src_ip":"192.168.1.2","src_port":47784,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.728112+0100","flow_id":1591433382927342,"event_type":"alert","src_ip":"192.168.1.2","src_port":47782,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.729607+0100","flow_id":2034403424936390,"event_type":"alert","src_ip":"192.168.1.2","src_port":47786,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.730887+0100","flow_id":152121122563770,"event_type":"alert","src_ip":"192.168.1.2","src_port":47788,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.842782+0100","flow_id":1192826056834629,"event_type":"alert","src_ip":"192.168.1.2","src_port":45156,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.842871+0100","flow_id":1063373595042116,"event_type":"alert","src_ip":"192.168.1.2","src_port":45144,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.851613+0100","flow_id":2162921730054797,"event_type":"alert","src_ip":"192.168.1.2","src_port":45154,"dest_ip":"216.239.32.21","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.866867+0100","flow_id":152121122563770,"event_type":"alert","src_ip":"192.168.1.2","src_port":47788,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.868225+0100","flow_id":1591433382927342,"event_type":"alert","src_ip":"192.168.1.2","src_port":47782,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.868845+0100","flow_id":2034403424936390,"event_type":"alert","src_ip":"192.168.1.2","src_port":47786,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:49.869596+0100","flow_id":78015756835346,"event_type":"alert","src_ip":"192.168.1.2","src_port":47784,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:51.099328+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":15074,"tcpseq":3004458192,"tcpack":1574306736,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:10:56.236101+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":16,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.272137+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":17,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.280957+0100","flow_id":635515397228794,"event_type":"alert","src_ip":"192.168.1.2","src_port":57152,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.281638+0100","flow_id":2135783980944351,"event_type":"alert","src_ip":"192.168.1.2","src_port":49632,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/danielrichter2007\/grub-customizer\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.313581+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":18,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-backports\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.344673+0100","flow_id":1538890900980242,"event_type":"alert","src_ip":"192.168.1.2","src_port":49636,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/apache2\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.405157+0100","flow_id":486318970777146,"event_type":"alert","src_ip":"192.168.1.2","src_port":49640,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/php\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.466847+0100","flow_id":2003155390832345,"event_type":"alert","src_ip":"192.168.1.2","src_port":49642,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/webupd8team\/java\/ubuntu\/dists\/zesty\/InRelease","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.825151+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":19,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/main\/binary-amd64\/by-hash\/SHA256\/e0b935a075005fe8a77234845dec53c6e0152e92774611f2d83f997948517b2a","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.889864+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":20,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/main\/binary-i386\/by-hash\/SHA256\/95252f78dc9fbac94dba0a54ad0bfe8e2bbf183a553ca5f539d8142e21763396","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.934570+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":21,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/main\/dep11\/by-hash\/SHA256\/90e1c192bfd0275992e31342947f579b0ef97cb9bcdf78291638c445731319c7","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.943079+0100","flow_id":635515397228794,"event_type":"alert","src_ip":"192.168.1.2","src_port":57152,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/main\/dep11\/by-hash\/SHA256\/9c2b6abea37ac1053e566e248248c7acc44b89f0e76abd5d009859965de91980","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.969657+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":22,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/main\/dep11\/by-hash\/SHA256\/2d8e50f82619301a656bc64cbc379daca08ea7c2b77b5b9ab6f796cad54761b1","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:56.974213+0100","flow_id":635515397228794,"event_type":"alert","src_ip":"192.168.1.2","src_port":57152,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/main\/dep11\/by-hash\/SHA256\/252768b650c29bc3cc66e6853730755124d1528184a7682746bb2217f5d274b0","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.003989+0100","flow_id":635515397228794,"event_type":"alert","src_ip":"192.168.1.2","src_port":57152,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/universe\/dep11\/by-hash\/SHA256\/e9c1b485a81e9412203294497f031e8848115be3c61cc275a4ae3a5d3e4504ea","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.004475+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":23,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/binary-i386\/by-hash\/SHA256\/33959fa010652e67ef84d0e713700a75e0d31080717e2dbd3528f1ebcfa9bb50","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.033414+0100","flow_id":635515397228794,"event_type":"alert","src_ip":"192.168.1.2","src_port":57152,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/universe\/dep11\/by-hash\/SHA256\/3b7678ca7bbe1ec3324c8bcc4e0735a30227e51a69dd82780408357505bfbc96","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.045086+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":24,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/binary-amd64\/by-hash\/SHA256\/4f93946c2019f5b6fe9a68dfe57fcf36c2c6f06b2dfc16272f9efd9835f251c3","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.085846+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":25,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/dep11\/by-hash\/SHA256\/863d3d438757b88aeb976c4a363a5a35ccef70ee4e9f181af1283723552579ad","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.124026+0100","flow_id":635515397228794,"event_type":"alert","src_ip":"192.168.1.2","src_port":57152,"dest_ip":"91.189.88.149","dest_port":80,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"security.ubuntu.com","url":"\/ubuntu\/dists\/zesty-security\/multiverse\/dep11\/by-hash\/SHA256\/ed013302dd0cf419bf0c8b1caaf5fb023238c74ce18f2e6d2c3caa56b1f45a25","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.129069+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":26,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/universe\/dep11\/by-hash\/SHA256\/029057cff1a66929fa16490279647ec9cc471081068043dc07ef536c5a212ed5","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.172904+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":27,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-updates\/multiverse\/dep11\/by-hash\/SHA256\/91d99aa26957a803d656be9214611cd4245af20cce806766fdf8a45f9c5e98b5","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.189429+0100","flow_id":1002397946209015,"event_type":"alert","src_ip":"192.168.1.2","src_port":49658,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/apache2\/ubuntu\/dists\/zesty\/main\/binary-amd64\/by-hash\/SHA256\/5c6edcedcd865f14e9490c6c072d00bda4a3dbf1b787a4640f7db0d7d7809f3e","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.207529+0100","flow_id":3304799924302,"event_type":"alert","src_ip":"192.168.1.2","src_port":56102,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":28,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/dists\/zesty-backports\/universe\/dep11\/by-hash\/SHA256\/3b8f4be14317c1e15c9725e16feb4d3098f4afd2f0fc1fd0e16036b15dc3856e","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.252199+0100","flow_id":485032628181153,"event_type":"alert","src_ip":"192.168.1.2","src_port":49662,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/apache2\/ubuntu\/dists\/zesty\/main\/binary-i386\/by-hash\/SHA256\/5568087393a2676508b0a288c79cb6856a2f4a3b93be1f95ede00091876e114d","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.313594+0100","flow_id":1843410524817392,"event_type":"alert","src_ip":"192.168.1.2","src_port":49670,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/php\/ubuntu\/dists\/zesty\/main\/binary-amd64\/by-hash\/SHA256\/465c86d985dfcbb2bce485b23f7e7c42cd24025d9921fa6c20360579c4e6f83b","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:10:57.372437+0100","flow_id":1872796691050055,"event_type":"alert","src_ip":"192.168.1.2","src_port":49672,"dest_ip":"91.189.95.83","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"ppa.launchpad.net","url":"\/ondrej\/php\/ubuntu\/dists\/zesty\/main\/binary-i386\/by-hash\/SHA256\/6a06ec100bcb45889dccd575f7ce9e29d1d21d56265f8a8a9db76532d9e42b32","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.101","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:02.169225+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":15077,"tcpseq":3004459068,"tcpack":1574307521,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:04.313544+0100","flow_id":764667209898753,"event_type":"alert","src_ip":"192.168.1.2","src_port":34408,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":17,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0454abf6440f5490\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513268021&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513253540&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=10A0C832B3291F0FC70892407673417EB66743FE.11193E9ED5D234ACCB445D496769A180D05B5FD8&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.139","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:04.313544+0100","flow_id":764667209898753,"event_type":"drop","src_ip":"192.168.1.2","src_port":34408,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":890,"tos":0,"ttl":64,"ipid":52209,"tcpseq":1041323577,"tcpack":1468557860,"tcpwin":4231,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":17,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:11:04.525699+0100","flow_id":764667209898753,"event_type":"drop","src_ip":"192.168.1.2","src_port":34408,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":890,"tos":0,"ttl":64,"ipid":52210,"tcpseq":1041323577,"tcpack":1468557860,"tcpwin":4231,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:11:10.361833+0100","flow_id":1255296358843516,"event_type":"drop","src_ip":"192.168.1.2","src_port":45200,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":427,"tos":0,"ttl":64,"ipid":48824,"tcpseq":851030750,"tcpack":194846460,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:12.868915+0100","flow_id":1591433382927342,"event_type":"alert","src_ip":"192.168.1.2","src_port":47782,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:12.869840+0100","flow_id":78015756835346,"event_type":"alert","src_ip":"192.168.1.2","src_port":47784,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:12.892856+0100","flow_id":1661819308515049,"event_type":"alert","src_ip":"192.168.1.2","src_port":54766,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:12.892854+0100","flow_id":1918190201380585,"event_type":"alert","src_ip":"192.168.1.2","src_port":54768,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:12.893637+0100","flow_id":278019500450417,"event_type":"alert","src_ip":"192.168.1.2","src_port":54770,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:12.894363+0100","flow_id":187114370147672,"event_type":"alert","src_ip":"192.168.1.2","src_port":54772,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:12.908740+0100","flow_id":99144850005286,"event_type":"alert","src_ip":"192.168.1.2","src_port":54774,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"HEAD","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:13.008638+0100","flow_id":1591433382927342,"event_type":"alert","src_ip":"192.168.1.2","src_port":47782,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:13.008677+0100","flow_id":78015756835346,"event_type":"alert","src_ip":"192.168.1.2","src_port":47784,"dest_ip":"216.239.36.21","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:13.030610+0100","flow_id":187114370147672,"event_type":"alert","src_ip":"192.168.1.2","src_port":54772,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:13.030807+0100","flow_id":1918190201380585,"event_type":"alert","src_ip":"192.168.1.2","src_port":54768,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:13.031168+0100","flow_id":278019500450417,"event_type":"alert","src_ip":"192.168.1.2","src_port":54770,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:13.036225+0100","flow_id":1661819308515049,"event_type":"alert","src_ip":"192.168.1.2","src_port":54766,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:13.056318+0100","flow_id":99144850005286,"event_type":"alert","src_ip":"192.168.1.2","src_port":54774,"dest_ip":"216.239.34.21","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2020716,"rev":3,"signature":"ET POLICY Possible External IP Lookup ipinfo.io","category":"Potential Corporate Privacy Violation","severity":1},"http":{"hostname":"ipinfo.io","url":"\/ip","xff":"192.168.9.214","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:13.258726+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":15080,"tcpseq":3004459944,"tcpack":1574308257,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:14.614814+0100","flow_id":1981354138009910,"event_type":"drop","src_ip":"192.168.9.155","src_port":56009,"dest_ip":"172.217.23.78","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":28334,"tcpseq":4068914097,"tcpack":3305923310,"tcpwin":35441,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:14.917876+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":854,"tos":0,"ttl":64,"ipid":15083,"tcpseq":3004460820,"tcpack":1574308993,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:15.385400+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":926,"tos":0,"ttl":64,"ipid":15086,"tcpseq":3004461622,"tcpack":1574309497,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:15.603345+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:15.603357+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:17.565897+0100","flow_id":889496130236411,"event_type":"drop","src_ip":"88.221.145.154","src_port":80,"dest_ip":"192.168.1.2","dest_port":54198,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":59,"ipid":53550,"tcpseq":290656387,"tcpack":972890220,"tcpwin":905,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:21.096240+0100","flow_id":1860822320691993,"event_type":"alert","src_ip":"192.168.1.2","src_port":34412,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":18,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0458eaf464495f29\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335291&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513320798&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=28EDD40C2540FBDCFE5843AE11A6BDC70CBA4DC5.12AB9B09648572F2F4FB1DC6A63B9CDE81757109&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.18","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:21.096240+0100","flow_id":1860822320691993,"event_type":"drop","src_ip":"192.168.1.2","src_port":34412,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":10941,"tcpseq":2420685167,"tcpack":1149363732,"tcpwin":5492,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":18,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:11:21.307707+0100","flow_id":1860822320691993,"event_type":"drop","src_ip":"192.168.1.2","src_port":34412,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":10942,"tcpseq":2420685167,"tcpack":1149363732,"tcpwin":5492,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:11:22.484461+0100","flow_id":1255296358843516,"event_type":"drop","src_ip":"192.168.1.2","src_port":45200,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":492,"tos":0,"ttl":64,"ipid":48827,"tcpseq":851031125,"tcpack":194847004,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:22.492940+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":492,"tos":0,"ttl":64,"ipid":47149,"tcpseq":2210628582,"tcpack":1497246005,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:22.729186+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":514,"tos":0,"ttl":64,"ipid":47152,"tcpseq":2210629022,"tcpack":1497246549,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:23.157131+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:23.157287+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:23.851893+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":15089,"tcpseq":3004462496,"tcpack":1574311168,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:24.280870+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:24.310516+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":15091,"tcpseq":3004463373,"tcpack":1574311865,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:24.494292+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:24.528581+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:25.534168+0100","flow_id":201966367876684,"event_type":"drop","src_ip":"192.168.1.2","src_port":59868,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":373,"tos":0,"ttl":64,"ipid":61835,"tcpseq":602060327,"tcpack":806141750,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:25.624383+0100","flow_id":1886388116883104,"event_type":"drop","src_ip":"192.168.1.2","src_port":59886,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":373,"tos":0,"ttl":64,"ipid":44589,"tcpseq":2681595426,"tcpack":825176113,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:25.936144+0100","flow_id":127893214414962,"event_type":"drop","src_ip":"192.168.1.2","src_port":59926,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":373,"tos":0,"ttl":64,"ipid":19725,"tcpseq":4002874423,"tcpack":806757488,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:26.023433+0100","flow_id":1501713666038532,"event_type":"drop","src_ip":"192.168.1.2","src_port":59928,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":373,"tos":0,"ttl":64,"ipid":60770,"tcpseq":3875054842,"tcpack":815927692,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:28.309016+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":15095,"tcpseq":3004464249,"tcpack":1574312601,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:29.309141+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":15100,"tcpseq":3004465125,"tcpack":1574315740,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:30.308770+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":15105,"tcpseq":3004466001,"tcpack":1574319188,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:31.554774+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":15115,"tcpseq":3004466878,"tcpack":1574329781,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:31.643653+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":499,"tos":0,"ttl":64,"ipid":47332,"tcpseq":2210629484,"tcpack":1497758392,"tcpwin":5200,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:31.861603+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:31.861621+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:32.629080+0100","flow_id":114615323498679,"event_type":"drop","src_ip":"192.168.1.2","src_port":47924,"dest_ip":"52.50.1.88","dest_port":80,"proto":"TCP","drop":{"len":549,"tos":0,"ttl":64,"ipid":22232,"tcpseq":1518024081,"tcpack":956827351,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:11:34.027368+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":15118,"tcpseq":3004467756,"tcpack":1574330347,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:35.262228+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":15136,"tcpseq":3004468634,"tcpack":1574352975,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:35.448187+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":14016,"tcpseq":3570292952,"tcpack":999095560,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:36.524315+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":14019,"tcpseq":3570293829,"tcpack":999096301,"tcpwin":240,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:37.745800+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":14086,"tcpseq":3570294708,"tcpack":999189531,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:38.996223+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":14123,"tcpseq":3570295588,"tcpack":999274472,"tcpwin":1424,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:40.246203+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":14351,"tcpseq":3570296468,"tcpack":999681121,"tcpwin":4862,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:41.511506+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":14609,"tcpseq":3570297349,"tcpack":1000224568,"tcpwin":7495,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:42.776028+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":15360,"tcpseq":3570298231,"tcpack":1002068530,"tcpwin":12017,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:44.151256+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":17061,"tcpseq":3570299113,"tcpack":1005758544,"tcpwin":12017,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:45.541109+0100","flow_id":1498052207040052,"event_type":"drop","src_ip":"192.168.1.2","src_port":49472,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":19030,"tcpseq":3570299996,"tcpack":1011444333,"tcpwin":12017,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:46.517230+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":15155,"tcpseq":3004469512,"tcpack":1574376648,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:46.722907+0100","flow_id":2220478591797097,"event_type":"alert","src_ip":"192.168.1.2","src_port":58920,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/o\/openssl\/libssl1.0.0_1.0.2g-1ubuntu11.4_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:46.765420+0100","flow_id":249698488331677,"event_type":"alert","src_ip":"192.168.1.2","src_port":58924,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/p\/python2.7\/python2.7-minimal_2.7.13-2ubuntu0.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:46.770128+0100","flow_id":1266675872316204,"event_type":"alert","src_ip":"192.168.1.2","src_port":59822,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":23,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/0259190345c2ea09\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/o\/openssl\/libssl1.0.0_1.0.2g-1ubuntu11.4_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:46.807679+0100","flow_id":1588798424240815,"event_type":"alert","src_ip":"192.168.1.2","src_port":58926,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/p\/python2.7\/libpython2.7-minimal_2.7.13-2ubuntu0.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:46.848163+0100","flow_id":1661621742268596,"event_type":"alert","src_ip":"192.168.1.2","src_port":58928,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/c\/curl\/libcurl3-gnutls_7.52.1-4ubuntu1.4_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:46.889339+0100","flow_id":1646537817100573,"event_type":"alert","src_ip":"192.168.1.2","src_port":58930,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/libx\/libxml2\/libxml2_2.9.4%2bdfsg1-2.2ubuntu0.3_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:46.899376+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":12,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0259b2039bc2d187\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/c\/curl\/libcurl3-gnutls_7.52.1-4ubuntu1.4_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:46.929532+0100","flow_id":639385166032553,"event_type":"alert","src_ip":"192.168.1.2","src_port":58932,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/r\/rsync\/rsync_3.1.2-1ubuntu0.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:46.948736+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":15158,"tcpseq":3004470389,"tcpack":1574377384,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:46.969635+0100","flow_id":118753525418817,"event_type":"alert","src_ip":"192.168.1.2","src_port":58936,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/c\/curl\/curl_7.52.1-4ubuntu1.4_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.006353+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":13,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/02594603f7c233b0\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/libx\/libxml2\/libxml2_2.9.4%2bdfsg1-2.2ubuntu0.3_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.010396+0100","flow_id":1788681907284017,"event_type":"alert","src_ip":"192.168.1.2","src_port":58938,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/c\/curl\/libcurl3_7.52.1-4ubuntu1.4_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.066405+0100","flow_id":188087182492407,"event_type":"alert","src_ip":"192.168.1.2","src_port":58944,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/e\/evince\/libevdocument3-4_3.24.0-0ubuntu1.3_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.106485+0100","flow_id":1799580386828097,"event_type":"alert","src_ip":"192.168.1.2","src_port":58946,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/e\/evince\/evince-common_3.24.0-0ubuntu1.3_all.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.146512+0100","flow_id":1626291341310960,"event_type":"alert","src_ip":"192.168.1.2","src_port":58948,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/e\/evince\/libevview3-3_3.24.0-0ubuntu1.3_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.188833+0100","flow_id":1551816608440243,"event_type":"alert","src_ip":"192.168.1.2","src_port":58950,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/f\/firefox\/firefox_57.0.1%2bbuild2-0ubuntu0.17.04.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.203199+0100","flow_id":1266675872316204,"event_type":"alert","src_ip":"192.168.1.2","src_port":59822,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":24,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/0259cb03a7c2c734\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/p\/python2.7\/python2.7-minimal_2.7.13-2ubuntu0.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.307256+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":14,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0259f60360c2b3d8\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/r\/rsync\/rsync_3.1.2-1ubuntu0.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.480598+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":15,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/02594103e1c3c800\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/c\/curl\/curl_7.52.1-4ubuntu1.4_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:47.597348+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":16,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0259cf032ec31260\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/e\/evince\/libevdocument3-4_3.24.0-0ubuntu1.3_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:48.057939+0100","flow_id":1266675872316204,"event_type":"alert","src_ip":"192.168.1.2","src_port":59822,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":25,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/0259e70393c2055e\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/p\/python2.7\/libpython2.7-minimal_2.7.13-2ubuntu0.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:48.121200+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":17,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/025991039ac38789\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/e\/evince\/evince-common_3.24.0-0ubuntu1.3_all.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:48.200382+0100","flow_id":1266675872316204,"event_type":"alert","src_ip":"192.168.1.2","src_port":59822,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":26,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/02593503edc3f328\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/c\/curl\/libcurl3_7.52.1-4ubuntu1.4_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:48.275266+0100","flow_id":1266675872316204,"event_type":"alert","src_ip":"192.168.1.2","src_port":59822,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":27,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/0259ac0367c367b1\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/e\/evince\/libevview3-3_3.24.0-0ubuntu1.3_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:54.442879+0100","flow_id":1551816608440243,"event_type":"alert","src_ip":"192.168.1.2","src_port":58950,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/f\/firefox\/firefox-locale-en_57.0.1%2bbuild2-0ubuntu0.17.04.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:55.047658+0100","flow_id":1551816608440243,"event_type":"alert","src_ip":"192.168.1.2","src_port":58950,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/f\/firefox\/firefox-locale-it_57.0.1%2bbuild2-0ubuntu0.17.04.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:55.143543+0100","flow_id":1551816608440243,"event_type":"alert","src_ip":"192.168.1.2","src_port":58950,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/libx\/libxcursor\/libxcursor1_1.1.14-1ubuntu0.17.04.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:55.159060+0100","flow_id":351061859350784,"event_type":"alert","src_ip":"192.168.1.2","src_port":59796,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":19,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/02590b0397e2f4ed\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/libx\/libxcursor\/libxcursor1_1.1.14-1ubuntu0.17.04.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:55.196827+0100","flow_id":731284581843032,"event_type":"alert","src_ip":"192.168.1.2","src_port":59338,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/libx\/libxfont1\/libxfont1_1.5.2-4ubuntu0.2_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:55.306432+0100","flow_id":731284581843032,"event_type":"alert","src_ip":"192.168.1.2","src_port":59338,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/libx\/libxfont\/libxfont2_2.0.1-3ubuntu0.2_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:55.316429+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":23,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/02590603a2e31d92\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/libx\/libxfont\/libxfont2_2.0.1-3ubuntu0.2_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:55.346406+0100","flow_id":1758483992758492,"event_type":"alert","src_ip":"192.168.1.2","src_port":59358,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux-firmware\/linux-firmware_1.164.2_all.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:57.596094+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":17815,"tcpseq":3004471273,"tcpack":1581322107,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:11:58.068221+0100","flow_id":1758483992758492,"event_type":"alert","src_ip":"192.168.1.2","src_port":59358,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux\/linux-image-4.10.0-42-generic_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.078531+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":24,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/02593f03bfee2b5a\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/l\/linux\/linux-image-4.10.0-42-generic_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.132901+0100","flow_id":1587447657793170,"event_type":"alert","src_ip":"192.168.1.2","src_port":59468,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux\/linux-image-extra-4.10.0-42-generic_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.142011+0100","flow_id":351061859350784,"event_type":"alert","src_ip":"192.168.1.2","src_port":59796,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":21,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/02592f0351ee699b\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/l\/linux\/linux-image-extra-4.10.0-42-generic_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.171390+0100","flow_id":713915734334759,"event_type":"alert","src_ip":"192.168.1.2","src_port":59474,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux-meta\/linux-generic_4.10.0.42.42_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.203887+0100","flow_id":713915734334759,"event_type":"alert","src_ip":"192.168.1.2","src_port":59474,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux-meta\/linux-image-generic_4.10.0.42.42_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.236804+0100","flow_id":713915734334759,"event_type":"alert","src_ip":"192.168.1.2","src_port":59474,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux-signed\/linux-signed-image-4.10.0-42-generic_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.269745+0100","flow_id":713915734334759,"event_type":"alert","src_ip":"192.168.1.2","src_port":59474,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":3,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux-meta\/linux-signed-generic_4.10.0.42.42_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.302812+0100","flow_id":713915734334759,"event_type":"alert","src_ip":"192.168.1.2","src_port":59474,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":4,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux-meta\/linux-signed-image-generic_4.10.0.42.42_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.335745+0100","flow_id":713915734334759,"event_type":"alert","src_ip":"192.168.1.2","src_port":59474,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":5,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux\/linux-headers-4.10.0-42_4.10.0-42.46_all.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.375288+0100","flow_id":850626690857267,"event_type":"alert","src_ip":"192.168.1.2","src_port":59476,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux\/linux-headers-4.10.0-42-generic_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.417313+0100","flow_id":2116815261949269,"event_type":"alert","src_ip":"192.168.1.2","src_port":59488,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux-meta\/linux-headers-generic_4.10.0.42.42_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.449736+0100","flow_id":2116815261949269,"event_type":"alert","src_ip":"192.168.1.2","src_port":59488,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/l\/linux\/linux-libc-dev_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.486643+0100","flow_id":1767348805463194,"event_type":"alert","src_ip":"192.168.1.2","src_port":59494,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/t\/thunderbird\/thunderbird-locale-en_52.5.0%2bbuild1-0ubuntu0.17.04.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.724582+0100","flow_id":1767348805463194,"event_type":"alert","src_ip":"192.168.1.2","src_port":59494,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/t\/thunderbird\/thunderbird-locale-it_52.5.0%2bbuild1-0ubuntu0.17.04.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:11:58.840286+0100","flow_id":1767348805463194,"event_type":"alert","src_ip":"192.168.1.2","src_port":59494,"dest_ip":"90.147.160.69","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"it.archive.ubuntu.com","url":"\/ubuntu\/pool\/main\/t\/thunderbird\/thunderbird_52.5.0%2bbuild1-0ubuntu0.17.04.1_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:12:02.190595+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":861,"tos":0,"ttl":64,"ipid":17818,"tcpseq":3004472150,"tcpack":1581322843,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:02.492534+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":17821,"tcpseq":3004472959,"tcpack":1581323347,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:02.934772+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:02.934782+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:03.558755+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":25,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0259c703faef048e\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/l\/linux\/linux-headers-4.10.0-42-generic_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:12:03.869778+0100","flow_id":340217066828403,"event_type":"alert","src_ip":"192.168.1.2","src_port":34410,"dest_ip":"151.99.72.106","dest_port":80,"proto":"TCP","tx_id":26,"alert":{"action":"allowed","gid":1,"signature_id":2013504,"rev":5,"signature":"ET POLICY GNU\/Linux APT User-Agent Outbound likely related to package management","category":"Not Suspicious Traffic","severity":3},"http":{"hostname":"151.99.72.106","url":"\/data\/0259720349ef76d8\/it.archive.ubuntu.com\/ubuntu\/pool\/main\/l\/linux\/linux-libc-dev_4.10.0-42.46_amd64.deb","http_user_agent":"Debian APT-HTTP\/1.3 (1.4.6)","xff":"192.168.9.229","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:12:07.674461+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":17825,"tcpseq":3004473840,"tcpack":1581325018,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:07.895355+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:10.949596+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":17828,"tcpseq":3004474717,"tcpack":1581325771,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:11.381573+0100","flow_id":542147100773857,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":46574,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:11.676070+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":47337,"tcpseq":2210629931,"tcpack":1497764299,"tcpwin":5312,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:18.711949+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":17831,"tcpseq":3004475601,"tcpack":1581326468,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:22.575295+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":17834,"tcpseq":3004476478,"tcpack":1581327204,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:26.584573+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":17837,"tcpseq":3004477362,"tcpack":1581327938,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:27.594387+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":17840,"tcpseq":3004478246,"tcpack":1581328807,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:28.597257+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":17844,"tcpseq":3004479130,"tcpack":1581331229,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:29.604845+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":17848,"tcpseq":3004480014,"tcpack":1581333256,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:29.785911+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":12253,"tcpseq":2694606200,"tcpack":2355400055,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:31.779513+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":17853,"tcpseq":3004480898,"tcpack":1581336267,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:32.063247+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":17856,"tcpseq":3004481775,"tcpack":1581337078,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:33.509962+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":938,"tos":0,"ttl":64,"ipid":17870,"tcpseq":3004482660,"tcpack":1581353119,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:34.971396+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":939,"tos":0,"ttl":64,"ipid":17890,"tcpseq":3004483546,"tcpack":1581380742,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:36.273353+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":940,"tos":0,"ttl":64,"ipid":17912,"tcpseq":3004484433,"tcpack":1581432493,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:37.621195+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":940,"tos":0,"ttl":64,"ipid":17960,"tcpseq":3004485321,"tcpack":1581540722,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:40.219905+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":941,"tos":0,"ttl":64,"ipid":18004,"tcpseq":3004486209,"tcpack":1581638401,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:40.815881+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":18260,"tcpseq":3004487098,"tcpack":1582344512,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:41.526090+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":942,"tos":0,"ttl":64,"ipid":18266,"tcpseq":3004487975,"tcpack":1582348858,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:41.820004+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":12256,"tcpseq":2694607077,"tcpack":2355400791,"tcpwin":240,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:42.844370+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":942,"tos":0,"ttl":64,"ipid":12263,"tcpseq":2694607955,"tcpack":2355407909,"tcpwin":353,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:43.275747+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":13446,"tcpseq":2694608845,"tcpack":2358257227,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:44.189380+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":943,"tos":0,"ttl":64,"ipid":13454,"tcpseq":2694609724,"tcpack":2358274003,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:44.773005+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":18771,"tcpseq":3004488865,"tcpack":1583772470,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:45.602029+0100","flow_id":542147100773857,"event_type":"drop","src_ip":"192.168.1.2","src_port":46574,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":944,"tos":0,"ttl":64,"ipid":18793,"tcpseq":3004489744,"tcpack":1583806480,"tcpwin":10885,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:46.079753+0100","flow_id":1552149472261099,"event_type":"drop","src_ip":"192.168.9.190","src_port":52610,"dest_ip":"172.217.23.78","dest_port":80,"proto":"TCP","drop":{"len":431,"tos":0,"ttl":127,"ipid":10162,"tcpseq":887787670,"tcpack":3852928165,"tcpwin":16560,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:46.237590+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":15431,"tcpseq":2694610615,"tcpack":2363974737,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:46.384005+0100","flow_id":202032945224550,"event_type":"drop","src_ip":"192.168.1.2","src_port":52176,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":854,"tos":0,"ttl":64,"ipid":23172,"tcpseq":923523578,"tcpack":1805272136,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:46.683645+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":926,"tos":0,"ttl":64,"ipid":15465,"tcpseq":2694611495,"tcpack":2364041457,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:46.890531+0100","flow_id":202032945224550,"event_type":"drop","src_ip":"192.168.1.2","src_port":52176,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":944,"tos":0,"ttl":64,"ipid":23175,"tcpseq":923524380,"tcpack":1805272640,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:46.902575+0100","flow_id":50538710170994,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":51604,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:46.902580+0100","flow_id":50538710170994,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":51604,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:47.703613+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":15468,"tcpseq":2694612369,"tcpack":2364043128,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:47.962653+0100","flow_id":1942695143507682,"event_type":"drop","src_ip":"192.168.8.233","src_port":49914,"dest_ip":"172.217.23.78","dest_port":80,"proto":"TCP","drop":{"len":432,"tos":0,"ttl":127,"ipid":12992,"tcpseq":2672855488,"tcpack":3532269599,"tcpwin":16560,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:48.130016+0100","flow_id":50538710170994,"event_type":"alert","src_ip":"64.15.120.99","src_port":80,"dest_ip":"192.168.1.2","dest_port":51604,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:48.959769+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":852,"tos":0,"ttl":64,"ipid":40661,"tcpseq":3688698691,"tcpack":1664394106,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:49.167345+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":15531,"tcpseq":2694613250,"tcpack":2364217590,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:49.228011+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":923,"tos":0,"ttl":64,"ipid":40664,"tcpseq":3688699491,"tcpack":1664394610,"tcpwin":237,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:49.680416+0100","flow_id":694897622426717,"event_type":"alert","src_ip":"64.15.120.26","src_port":80,"dest_ip":"192.168.1.2","dest_port":37216,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:50.636616+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":15724,"tcpseq":2694614131,"tcpack":2364767274,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:51.721721+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":47346,"tcpseq":2210630382,"tcpack":1497773252,"tcpwin":5447,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:52.035455+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":16096,"tcpseq":2694615013,"tcpack":2365868732,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:52.110532+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":926,"tos":0,"ttl":64,"ipid":40667,"tcpseq":3688700362,"tcpack":1664396010,"tcpwin":259,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:52.341854+0100","flow_id":694897622426717,"event_type":"alert","src_ip":"64.15.120.26","src_port":80,"dest_ip":"192.168.1.2","dest_port":37216,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:53.438068+0100","flow_id":1266675872316204,"event_type":"alert","src_ip":"192.168.1.2","src_port":59822,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":47,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/045831fbc89c7443\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335772&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513321284&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=6AE0D58C43659BD2D24145A98392338FF0E3A9F2.34EC77D5B00618497DE4EB09FD47E536242E0113&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.9.94","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:12:53.438068+0100","flow_id":1266675872316204,"event_type":"drop","src_ip":"192.168.1.2","src_port":59822,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":7087,"tcpseq":2625682510,"tcpack":3525705622,"tcpwin":4276,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":47,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:12:53.444652+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":927,"tos":0,"ttl":64,"ipid":40671,"tcpseq":3688701236,"tcpack":1664397820,"tcpwin":304,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:53.490647+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":16863,"tcpseq":2694615896,"tcpack":2368073741,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:53.652753+0100","flow_id":1266675872316204,"event_type":"drop","src_ip":"192.168.1.2","src_port":59822,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":961,"tos":0,"ttl":64,"ipid":7088,"tcpseq":2625682510,"tcpack":3525705622,"tcpwin":4276,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:12:54.445785+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":928,"tos":0,"ttl":64,"ipid":40676,"tcpseq":3688702111,"tcpack":1664401475,"tcpwin":371,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:54.962932+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":18375,"tcpseq":2694616779,"tcpack":2372485848,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:55.123651+0100","flow_id":202032945224550,"event_type":"drop","src_ip":"192.168.1.2","src_port":52176,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":25944,"tcpseq":923525272,"tcpack":1812611852,"tcpwin":9756,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:55.445801+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":40683,"tcpseq":3688702987,"tcpack":1664407310,"tcpwin":461,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:56.450848+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":20897,"tcpseq":2694617663,"tcpack":2379742517,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:56.718719+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":40696,"tcpseq":3688703864,"tcpack":1664422877,"tcpwin":709,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:57.885276+0100","flow_id":2014859184669068,"event_type":"drop","src_ip":"192.168.1.2","src_port":36338,"dest_ip":"95.101.68.185","dest_port":80,"proto":"TCP","drop":{"len":579,"tos":0,"ttl":64,"ipid":21731,"tcpseq":1511515279,"tcpack":28233822,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2021381,"rev":7,"signature":"ET TROJAN Zberp receiving config via image file - SET","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:12:57.963120+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":40715,"tcpseq":3688704741,"tcpack":1664446740,"tcpwin":1091,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:12:59.210846+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":40762,"tcpseq":3688705619,"tcpack":1664515031,"tcpwin":1694,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:00.509778+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":40813,"tcpseq":3688706498,"tcpack":1664616024,"tcpwin":1937,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:00.671611+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":929,"tos":0,"ttl":64,"ipid":25100,"tcpseq":2694618548,"tcpack":2391886851,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:01.672134+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":930,"tos":0,"ttl":64,"ipid":25104,"tcpseq":2694619425,"tcpack":2391890506,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:01.795029+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":40958,"tcpseq":3688707377,"tcpack":1664895152,"tcpwin":3613,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:02.906221+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":25113,"tcpseq":2694620303,"tcpack":2391899583,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:03.072641+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":41138,"tcpseq":3688708256,"tcpack":1665295025,"tcpwin":5031,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:04.156431+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":25124,"tcpseq":2694621182,"tcpack":2391911814,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:04.397060+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":41649,"tcpseq":3688709136,"tcpack":1666417803,"tcpwin":9992,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:04.750161+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":931,"tos":0,"ttl":64,"ipid":25140,"tcpseq":2694622061,"tcpack":2391931049,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:05.776072+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":42440,"tcpseq":3688710017,"tcpack":1668665452,"tcpwin":9992,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:06.002770+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":932,"tos":0,"ttl":64,"ipid":25170,"tcpseq":2694622940,"tcpack":2391986272,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:06.625418+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":25211,"tcpseq":2694623820,"tcpack":2392074295,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:06.766870+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":474,"tos":0,"ttl":64,"ipid":47355,"tcpseq":2210630834,"tcpack":1497782198,"tcpwin":5582,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:07.195453+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":47358,"tcpseq":2210631256,"tcpack":1497782742,"tcpwin":5605,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:07.232761+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":44012,"tcpseq":3688710898,"tcpack":1673162836,"tcpwin":9992,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:07.490968+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":47452,"tcpseq":2210631707,"tcpack":1498045488,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:07.807675+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":17753,"tcpseq":999002749,"tcpack":3804367040,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:07.891025+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":933,"tos":0,"ttl":64,"ipid":25297,"tcpseq":2694624701,"tcpack":2392291627,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:08.130040+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":17918,"tcpseq":999003200,"tcpack":3804629786,"tcpwin":3242,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:08.425541+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":47547,"tcpseq":2210632158,"tcpack":1498308234,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:08.531457+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":934,"tos":0,"ttl":64,"ipid":25421,"tcpseq":2694625582,"tcpack":2392634909,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:08.656362+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":18024,"tcpseq":999003651,"tcpack":3804892532,"tcpwin":3422,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:08.711924+0100","flow_id":694897622426717,"event_type":"drop","src_ip":"192.168.1.2","src_port":37216,"dest_ip":"64.15.120.26","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":46515,"tcpseq":3688711780,"tcpack":1680346375,"tcpwin":9992,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:08.951817+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":18210,"tcpseq":999004102,"tcpack":3805155278,"tcpwin":7517,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:09.247197+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":47571,"tcpseq":2210632609,"tcpack":1498348019,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:09.783416+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":47673,"tcpseq":2210633060,"tcpack":1498610765,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:09.813321+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":25751,"tcpseq":2694626464,"tcpack":2393555723,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:10.078923+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":47767,"tcpseq":2210633512,"tcpack":1498873511,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:10.374477+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":18349,"tcpseq":999004553,"tcpack":3805418024,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:10.494141+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":935,"tos":0,"ttl":64,"ipid":26261,"tcpseq":2694627347,"tcpack":2394993058,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:10.674495+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":18451,"tcpseq":999005005,"tcpack":3805680770,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:10.969883+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":47861,"tcpseq":2210633964,"tcpack":1499136257,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:11.277103+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":47955,"tcpseq":2210634416,"tcpack":1499399003,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:11.404123+0100","flow_id":1542855163025156,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.190","dest_port":52612,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":58251,"tcpseq":3991655541,"tcpack":2630962772,"tcpwin":397,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:11.516904+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":936,"tos":0,"ttl":64,"ipid":27756,"tcpseq":2694628230,"tcpack":2399269728,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:11.572225+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":18553,"tcpseq":999005457,"tcpack":3805943516,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:11.867766+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":18655,"tcpseq":999005909,"tcpack":3806206262,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:12.163631+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":48049,"tcpseq":2210634868,"tcpack":1499661749,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:12.460461+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":48146,"tcpseq":2210635320,"tcpack":1499924495,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:12.595205+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":30591,"tcpseq":2694629114,"tcpack":2407565358,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:12.755060+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":18757,"tcpseq":999006361,"tcpack":3806469008,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:13.050300+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":18859,"tcpseq":999006813,"tcpack":3806731754,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:13.346346+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":48240,"tcpseq":2210635772,"tcpack":1500187241,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:13.642173+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":48334,"tcpseq":2210636224,"tcpack":1500449987,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:13.946882+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":18961,"tcpseq":999007265,"tcpack":3806994500,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:14.064273+0100","flow_id":50538710170994,"event_type":"drop","src_ip":"192.168.1.2","src_port":51604,"dest_ip":"64.15.120.99","dest_port":80,"proto":"TCP","drop":{"len":937,"tos":0,"ttl":64,"ipid":34821,"tcpseq":2694629999,"tcpack":2419817459,"tcpwin":8642,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:14.242466+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":19063,"tcpseq":999007717,"tcpack":3807257246,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:14.537530+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":48428,"tcpseq":2210636676,"tcpack":1500712733,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:14.833653+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":497,"tos":0,"ttl":64,"ipid":48522,"tcpseq":2210637128,"tcpack":1500975479,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:15.133290+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":502,"tos":0,"ttl":64,"ipid":19165,"tcpseq":999008169,"tcpack":3807519992,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:15.262867+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:13:15.262878+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:13:15.428203+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":502,"tos":0,"ttl":64,"ipid":19267,"tcpseq":999008619,"tcpack":3807782736,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:15.724670+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":503,"tos":0,"ttl":64,"ipid":48616,"tcpseq":2210637573,"tcpack":1501238218,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:31.738647+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":48710,"tcpseq":2210638024,"tcpack":1501500963,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:38.654794+0100","flow_id":1353079880057950,"event_type":"drop","src_ip":"192.168.1.2","src_port":45494,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":515,"tos":0,"ttl":64,"ipid":48716,"tcpseq":2210638476,"tcpack":1501509907,"tcpwin":6752,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:38.874449+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:13:38.874708+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2014819,"rev":3,"signature":"ET INFO Packed Executable Download","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:13:38.875648+0100","flow_id":2001516866500974,"event_type":"alert","src_ip":"192.168.1.2","src_port":36002,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":25,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.114","url":"\/data\/02596d059c785616\/7.au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_delta_patch_1.259.284.0_a6277d74042bdb6d985fe4a87ebbecf3ff72b6c0.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.196","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:13:38.875648+0100","flow_id":2001516866500974,"event_type":"drop","src_ip":"192.168.1.2","src_port":36002,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":551,"tos":0,"ttl":64,"ipid":28976,"tcpseq":540843679,"tcpack":3693623352,"tcpwin":4254,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:38.888633+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:13:39.085691+0100","flow_id":2001516866500974,"event_type":"drop","src_ip":"192.168.1.2","src_port":36002,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":551,"tos":0,"ttl":64,"ipid":28977,"tcpseq":540843679,"tcpack":3693623352,"tcpwin":4254,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:13:39.345889+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":492,"tos":0,"ttl":64,"ipid":19369,"tcpseq":999009069,"tcpack":3808045480,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:49.989858+0100","flow_id":565659912328746,"event_type":"alert","src_ip":"192.168.1.2","src_port":39392,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":4,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3},"http":{"hostname":"151.99.72.114","url":"\/data\/0458d1fb1486e200\/r16---sn-nx5cvox-hpae7.gvt1.com\/edgedl\/release2\/chrome\/AJFa9NIwPYkE_63.0.3239.84\/63.0.3239.84_62.0.3202.94_chrome_updater.exe?cms_redirect=yes&expire=1513335766&ip=79.7.253.77&ipbits=0&mm=28&mn=sn-nx5cvox-hpae7&ms=nvh&mt=1513321284&mv=m&nh=EAI&pl=16&shardbypass=yes&sparams=expire,ip,ipbits,mm,mn,ms,mv,nh,pl,shardbypass&signature=3BF8406D2479696A62DB40FF907725B30BA3EB6C.42DF6A6181504AD2A9E15EC25ADE7A8013F2E6F5&key=cms1","http_user_agent":"Microsoft BITS\/7.8","xff":"192.168.8.63","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:13:49.989858+0100","flow_id":565659912328746,"event_type":"drop","src_ip":"192.168.1.2","src_port":39392,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":58042,"tcpseq":3494549217,"tcpack":3937152034,"tcpwin":2972,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"tx_id":4,"alert":{"action":"blocked","gid":1,"signature_id":2022858,"rev":2,"signature":"ET CURRENT_EVENTS Suspicious BITS EXE DL Dotted Quad as Observed in Recent Cerber Campaign","category":"Misc activity","severity":3}} | |
| {"timestamp":"2017-12-15T08:13:50.201711+0100","flow_id":565659912328746,"event_type":"drop","src_ip":"192.168.1.2","src_port":39392,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":964,"tos":0,"ttl":64,"ipid":58043,"tcpseq":3494549217,"tcpack":3937152034,"tcpwin":2972,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:13:54.759253+0100","flow_id":1218168524805452,"event_type":"drop","src_ip":"192.168.1.2","src_port":38402,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":13915,"tcpseq":931117249,"tcpack":143459063,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:54.839924+0100","flow_id":701464631759008,"event_type":"drop","src_ip":"192.168.1.2","src_port":38406,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":25068,"tcpseq":2869751553,"tcpack":158735622,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:55.082870+0100","flow_id":501465184682596,"event_type":"drop","src_ip":"192.168.1.2","src_port":38432,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":58549,"tcpseq":21916528,"tcpack":832979726,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:13:55.153172+0100","flow_id":806401420252627,"event_type":"drop","src_ip":"192.168.1.2","src_port":38438,"dest_ip":"23.50.155.27","dest_port":80,"proto":"TCP","drop":{"len":372,"tos":0,"ttl":64,"ipid":2257,"tcpseq":1952487661,"tcpack":816174487,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2016539,"rev":6,"signature":"ET CURRENT_EVENTS Java Download non Jar file","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:08.769021+0100","flow_id":1597162882382633,"event_type":"drop","src_ip":"192.168.1.2","src_port":33520,"dest_ip":"5.45.58.150","dest_port":80,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":64,"ipid":1483,"tcpseq":1601094217,"tcpack":3062388860,"tcpwin":229,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2024554,"rev":7,"signature":"ET CURRENT_EVENTS Possible Successful Generic Phish (set) Feb 26 2016","category":"A Network Trojan was detected","severity":1}} | |
| {"timestamp":"2017-12-15T08:14:11.809154+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":504,"tos":0,"ttl":64,"ipid":19372,"tcpseq":999009509,"tcpack":3808046024,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:12.676587+0100","flow_id":1353079880057950,"event_type":"alert","src_ip":"13.107.4.50","src_port":80,"dest_ip":"192.168.1.2","dest_port":45494,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2000419,"rev":22,"signature":"ET POLICY PE EXE or DLL Windows file download","category":"Potential Corporate Privacy Violation","severity":1}} | |
| {"timestamp":"2017-12-15T08:14:31.499545+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":21056,"tcpseq":2096848634,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.500931+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":21068,"tcpseq":2096848634,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.502051+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":21078,"tcpseq":2096848634,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.502069+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1440,"tos":0,"ttl":64,"ipid":21081,"tcpseq":2096879138,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.502704+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":21085,"tcpseq":2096848634,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.502866+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1440,"tos":0,"ttl":64,"ipid":21086,"tcpseq":2096879138,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.703693+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":21087,"tcpseq":2096848634,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.724027+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13166,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.737239+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13187,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.745938+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13198,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.755546+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13210,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.769990+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13219,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.779529+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13230,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.795492+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13240,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.797253+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13244,"tcpseq":1492650284,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.805533+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13246,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:31.805733+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13247,"tcpseq":1492650284,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.030409+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13248,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.059418+0100","flow_id":28121134234575,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49433,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":23469,"tcpseq":1370267598,"tcpack":64442092,"tcpwin":371,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.106694+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":21088,"tcpseq":2096848634,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.177510+0100","flow_id":1944035178051233,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":34214,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":47329,"tcpseq":1144704393,"tcpack":2204553567,"tcpwin":185,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.186393+0100","flow_id":1944035178051233,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":34214,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":47372,"tcpseq":1144704393,"tcpack":2204553567,"tcpwin":185,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.195180+0100","flow_id":1944035178051233,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":34214,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":47402,"tcpseq":1144704393,"tcpack":2204553567,"tcpwin":185,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.204295+0100","flow_id":1944035178051233,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":34214,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":47410,"tcpseq":1144704393,"tcpack":2204553567,"tcpwin":185,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.408990+0100","flow_id":1944035178051233,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":34214,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":47411,"tcpseq":1144704393,"tcpack":2204553567,"tcpwin":185,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.432799+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13249,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.828743+0100","flow_id":1944035178051233,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":34214,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":47412,"tcpseq":1144704393,"tcpack":2204553567,"tcpwin":185,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:32.913966+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":21089,"tcpseq":2096848634,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:33.272241+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":13250,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:33.670816+0100","flow_id":1944035178051233,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":34214,"proto":"TCP","drop":{"len":1492,"tos":0,"ttl":246,"ipid":47413,"tcpseq":1144704393,"tcpack":2204553567,"tcpwin":185,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:34.525699+0100","flow_id":385125258053529,"event_type":"drop","src_ip":"192.168.8.1","src_port":3129,"dest_ip":"192.168.9.254","dest_port":49421,"proto":"TCP","drop":{"len":1500,"tos":0,"ttl":64,"ipid":21090,"tcpseq":2096848634,"tcpack":3358070061,"tcpwin":346,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:34.952230+0100","flow_id":770119684059874,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":33944,"proto":"TCP","drop":{"len":1076,"tos":0,"ttl":246,"ipid":13251,"tcpseq":1492546604,"tcpack":1047324492,"tcpwin":168,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:35.365544+0100","flow_id":1944035178051233,"event_type":"drop","src_ip":"52.85.17.34","src_port":80,"dest_ip":"192.168.1.2","dest_port":34214,"proto":"TCP","drop":{"len":1076,"tos":0,"ttl":246,"ipid":47414,"tcpseq":1144704393,"tcpack":2204553567,"tcpwin":185,"syn":false,"ack":true,"psh":false,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2018375,"rev":3,"signature":"ET CURRENT_EVENTS TLS HeartBeat Request (Server Initiated) fb set","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:36.507571+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":473,"tos":0,"ttl":64,"ipid":19381,"tcpseq":999009961,"tcpack":3808054968,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:36.734811+0100","flow_id":1926434398622381,"event_type":"drop","src_ip":"192.168.1.2","src_port":49752,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":502,"tos":0,"ttl":64,"ipid":19384,"tcpseq":999010382,"tcpack":3808055512,"tcpwin":8573,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:36.753879+0100","flow_id":1810375798194313,"event_type":"drop","src_ip":"192.168.1.2","src_port":54400,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":502,"tos":0,"ttl":64,"ipid":58825,"tcpseq":1380964197,"tcpack":614113163,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:36.995382+0100","flow_id":533389653282357,"event_type":"alert","src_ip":"192.168.1.2","src_port":55494,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":80,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.114","url":"\/data\/0259e206885b2f0d\/7.au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_delta_b4a5f0f8cf6ea28fcf50f8476dc0f719d1c538a3.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.44","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:14:36.995382+0100","flow_id":533389653282357,"event_type":"drop","src_ip":"192.168.1.2","src_port":55494,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":538,"tos":0,"ttl":64,"ipid":50650,"tcpseq":4046659168,"tcpack":656329386,"tcpwin":5483,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:37.173868+0100","flow_id":1330226367425791,"event_type":"alert","src_ip":"192.168.1.2","src_port":38812,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","tx_id":20,"alert":{"action":"allowed","gid":1,"signature_id":2016141,"rev":4,"signature":"ET INFO Executable Download from dotted-quad Host","category":"A Network Trojan was detected","severity":1},"http":{"hostname":"151.99.72.114","url":"\/data\/0259ca06d35b29ca\/7.au.download.windowsupdate.com\/d\/msdownload\/update\/software\/defu\/2017\/12\/am_delta_b4a5f0f8cf6ea28fcf50f8476dc0f719d1c538a3.exe","http_user_agent":"Microsoft-Delivery-Optimization\/10.0","xff":"192.168.9.44","http_method":"GET","protocol":"HTTP\/1.1","length":0}} | |
| {"timestamp":"2017-12-15T08:14:37.173868+0100","flow_id":1330226367425791,"event_type":"drop","src_ip":"192.168.1.2","src_port":38812,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":538,"tos":0,"ttl":64,"ipid":47781,"tcpseq":705617788,"tcpack":1639894798,"tcpwin":4558,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:37.206692+0100","flow_id":533389653282357,"event_type":"drop","src_ip":"192.168.1.2","src_port":55494,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":538,"tos":0,"ttl":64,"ipid":50651,"tcpseq":4046659168,"tcpack":656329386,"tcpwin":5483,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:14:37.388731+0100","flow_id":1330226367425791,"event_type":"drop","src_ip":"192.168.1.2","src_port":38812,"dest_ip":"151.99.72.114","dest_port":80,"proto":"TCP","drop":{"len":538,"tos":0,"ttl":64,"ipid":47782,"tcpseq":705617788,"tcpack":1639894798,"tcpwin":4558,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0}} | |
| {"timestamp":"2017-12-15T08:14:37.512988+0100","flow_id":1172729921131389,"event_type":"drop","src_ip":"192.168.1.2","src_port":54454,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":491,"tos":0,"ttl":64,"ipid":42226,"tcpseq":4125725029,"tcpack":3248364364,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:37.513015+0100","flow_id":772731026920380,"event_type":"drop","src_ip":"192.168.1.2","src_port":54452,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":491,"tos":0,"ttl":64,"ipid":8614,"tcpseq":223089713,"tcpack":3750924126,"tcpwin":229,"syn":false,"ack":true,"psh":true,"rst":false,"urg":false,"fin":false,"tcpres":0,"tcpurgp":0},"alert":{"action":"blocked","gid":1,"signature_id":2020573,"rev":2,"signature":"ET CURRENT_EVENTS INFO .exe download with no referer (noalert)","category":"Potentially Bad Traffic","severity":2}} | |
| {"timestamp":"2017-12-15T08:14:37.749331+0100","flow_id":1172729921131389,"event_type":"drop","src_ip":"192.168.1.2","src_port":54454,"dest_ip":"13.107.4.50","dest_port":80,"proto":"TCP","drop":{"len":513,"tos":0,"ttl":64," |
View raw
(Sorry about that, but we can’t show files that are this big right now.)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment