sporkmonger/event.json

## event.json
{
  "observer": {"serial_number": "a194c73a"},
  "ecs": {"version": "1.0.1"},
  "related": {"ip": [
    "104.219.234.53",
    "redacted"
  ]},
  "log": {"level": "info"},
  "client": {
    "port": 56324,
    "ip": "redacted"
  },
  "http": {
    "request": {
      "headers": {
        "x_cloud_trace_context": ["962db8e67424cc438331dc85c8b8a7ae/3171449349826507742;o=1"],
        "x_forwarded_host": ["redacted"],
        "x_forwarded_proto": ["https"],
        "accept_encoding": ["gzip"],
        "content_length": ["0"],
        "forwarded": ["for=\"redacted\";proto=https"],
        "user_agent": ["h-hewwo? is anyone thewe? :c"],
        "accept": ["*/*"],
        "x_forwarded_for": ["104.219.234.53,redacted"]
      },
      "method": "GET",
      "body": {"bytes": 0}
    },
    "response": {
      "status_code": 404,
      "body": {"bytes": 19}
    },
    "version": "1.1"
  },
  "event": {
    "duration": 48758984,
    "evidence": {
      "allow": 0.248,
      "deny": 0.192,
      "verdict": "allowed",
      "rule_count": 25,
      "unknown": 0.56
    },
    "risk_score": 0.472,
    "risk_score_norm": 47.215,
    "start": "2020-03-13T07:18:43.307694059Z",
    "end": "2020-03-13T07:18:43.356453035Z"
  },
  "message": "GET / [user-agent-anomaly]",
  "url": {
    "path": "/",
    "original": "/",
    "domain": "redacted",
    "full": "redacted"
  },
  "user_agent": {"original": "h-hewwo? is anyone thewe? :c"},
  "tags": ["user-agent-anomaly"]
}
	{
	"observer": {"serial_number": "a194c73a"},
	"ecs": {"version": "1.0.1"},
	"related": {"ip": [
	"104.219.234.53",
	"redacted"
	]},
	"log": {"level": "info"},
	"client": {
	"port": 56324,
	"ip": "redacted"
	},
	"http": {
	"request": {
	"headers": {
	"x_cloud_trace_context": ["962db8e67424cc438331dc85c8b8a7ae/3171449349826507742;o=1"],
	"x_forwarded_host": ["redacted"],
	"x_forwarded_proto": ["https"],
	"accept_encoding": ["gzip"],
	"content_length": ["0"],
	"forwarded": ["for=\"redacted\";proto=https"],
	"user_agent": ["h-hewwo? is anyone thewe? :c"],
	"accept": ["/"],
	"x_forwarded_for": ["104.219.234.53,redacted"]
	},
	"method": "GET",
	"body": {"bytes": 0}
	},
	"response": {
	"status_code": 404,
	"body": {"bytes": 19}
	},
	"version": "1.1"
	},
	"event": {
	"duration": 48758984,
	"evidence": {
	"allow": 0.248,
	"deny": 0.192,
	"verdict": "allowed",
	"rule_count": 25,
	"unknown": 0.56
	},
	"risk_score": 0.472,
	"risk_score_norm": 47.215,
	"start": "2020-03-13T07:18:43.307694059Z",
	"end": "2020-03-13T07:18:43.356453035Z"
	},
	"message": "GET / [user-agent-anomaly]",
	"url": {
	"path": "/",
	"original": "/",
	"domain": "redacted",
	"full": "redacted"
	},
	"user_agent": {"original": "h-hewwo? is anyone thewe? :c"},
	"tags": ["user-agent-anomaly"]
	}