

@djcas9
Created June 6, 2013 23:21
{
"event_id": 10750,
"sensor": {
"name": "snorby.org",
"interface": "eth0",
"id": 0,
"filter": null,
"encoding": null,
"detail": null
},
"loaded_at": {},
"packets": [
{
"raw": {
"sensor_id": 0,
"event_id": 10750,
"event_second": 1370559568,
"packet_second": 1370559568,
"packet_microsecond": 801868,
"linktype": 1,
"packet_length": 276,
"packet_data": [
0,
0,
0,
0
]
},
"packet": {
"dhost": "00:00:00:00:00:00",
"shost": "00:00:00:00:00:00",
"ethertype": 2048,
"ip": {
"version": 4,
"header_length": 5,
"header_bytes": 20,
"diffserv": 0,
"total_length": 262,
"identification": 0,
"flags": {
"reserved": 0,
"df": 0,
"mf": 0
},
"fragment_offset": 0,
"ttl": 0,
"protocol": 6,
"header_checksum": 54081,
"saddr": "173.255.236.165",
"daddr": "220.181.111.86",
"protocol_name": "TCP",
"tcp": {
"sport": 59972,
"dport": 80,
"seqno": 0,
"ackno": 0,
"data_offset": 54,
"header_bytes": 20,
"reserved": 0,
"flags": {
"cwr": 0,
"ece": 0,
"urg": 0,
"ack": 0,
"psh": 0,
"rst": 0,
"syn": 0,
"fin": 0
},
"window_size": 0,
"checksum": 61902,
"urgent_pointer": 0,
"options": {},
"data_end": 276,
"data_bytes": 222
}
}
}
}
],
"event": {
"sensor_id": 0,
"event_id": 10750,
"event_second": 1370559568,
"event_microsecond": 801868,
"signature_id": 7777777,
"generator_id": 1,
"signature_revision": 1,
"classification_id": 3,
"priority_id": 2,
"source_ip": 2919230629,
"destination_ip": 3702878038,
"source_port": 59972,
"dest_port": 80,
"protocol": 6,
"impact_flag": 0,
"impact": 0,
"blocked": 0,
"classification": {
"name": "bad-unknown",
"description": "Potentially Bad Traffic",
"severity": 2
},
"signature": {
"id": 7777777,
"name": "[TS] ATTACK: Pigsty Example",
"gen_id": 1,
"references": [
{
"key": "url",
"value": "http://https://threatstack.com"
}
]
},
"generator": null,
"src_ip": "173.255.236.165",
"src_geo": {
"range": [
2919225524,
2919231999
],
"country": "US",
"region": "NJ",
"city": "Absecon",
"ll": [
39.4899,
-74.4773
]
},
"dst_ip": "220.181.111.86",
"dst_geo": {
"range": [
3702849536,
3702926335
],
"country": "CN",
"region": "22",
"city": "Beijing",
"ll": [
39.9289,
116.3883
]
}
},
"event_type": "UNIFIED2_IDS_EVENT_LEGACY"
}