Created
May 17, 2020 19:44
-
-
Save wheel5up/da2a446ff00587ae2e220199f586bf2f to your computer and use it in GitHub Desktop.
Synthetic GuardDuty Finding
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { | |
| "version":"0", | |
| "id":"41bf9552-66c8-9430-5139-894482655fba", | |
| "detail-type":"GuardDuty Finding", | |
| "source":"aws.guardduty", | |
| "account":"**********", | |
| "time":"2020-01-17T15:00:00Z", | |
| "region":"us-east-1", | |
| "resources":[ | |
| ], | |
| "detail":{ | |
| "schemaVersion":"2.0", | |
| "accountId":"***********", | |
| "myvar":"P2", | |
| "region":"us-east-1", | |
| "partition":"aws", | |
| "id":"feedface9", | |
| "arn":"arn:aws:guardduty:us-east-1:********:detector/ceb2d5b551466d0c5f57c2daf1de73c2/finding/70b2d648077b11aa2363aae900821252", | |
| "type":"Recon:EC2/PortProbeUnprotectedPort", | |
| "resource":{ | |
| "resourceType":"Instance", | |
| "instanceDetails":{ | |
| "instanceId":"********", | |
| "instanceType":"c2.2xlarge", | |
| "launchTime":"2015-01-28T02:02:49Z", | |
| "platform":null, | |
| "productCodes":[ | |
| ], | |
| "iamInstanceProfile":null, | |
| "networkInterfaces":[ | |
| { | |
| "networkInterfaceId":"******", | |
| "privateIpAddresses":[ | |
| { | |
| "privateDnsName":"ip-10-10-10-10.ec2.internal", | |
| "privateIpAddress":"10.10.10.10" | |
| } | |
| ], | |
| "subnetId":"subnet-feedface", | |
| "vpcId":"vpc-feedface", | |
| "privateDnsName":"ip-10-10-10-10.ec2.internal", | |
| "securityGroups":[ | |
| { | |
| "groupName":"WEB", | |
| "groupId":"sg-feedface" | |
| } | |
| ], | |
| "publicIp":"53.164.101.150", | |
| "ipv6Addresses":[ | |
| ], | |
| "publicDnsName":"ec2-53-164-101-150.compute-1.amazonaws.com", | |
| "privateIpAddress":"10.25.5.234" | |
| } | |
| ], | |
| "tags":[ | |
| { | |
| "value":"web", | |
| "key":"Name" | |
| }, | |
| { | |
| "value":"true", | |
| "key":"backup" | |
| }, | |
| { | |
| "value":"cost", | |
| "key":"cost" | |
| } | |
| ], | |
| "instanceState":"running", | |
| "availabilityZone":"us-east-1b", | |
| "imageId":"ami-feedface", | |
| "imageDescription":"" | |
| } | |
| }, | |
| "service":{ | |
| "serviceName":"guardduty", | |
| "detectorId":"ceb2d5b551466d0c5f57c2daf1de73c2", | |
| "action":{ | |
| "actionType":"PORT_PROBE", | |
| "portProbeAction":{ | |
| "portProbeDetails":[ | |
| { | |
| "localPortDetails":{ | |
| "port":443, | |
| "portName":"HTTPS" | |
| }, | |
| "remoteIpDetails":{ | |
| "ipAddressV4":"222.186.19.221", | |
| "organization":{ | |
| "asn":"23650", | |
| "asnOrg":"AS Number for CHINANET jiangsu province backbone", | |
| "isp":"China Telecom", | |
| "org":"China Telecom jiangsu province backbone" | |
| }, | |
| "country":{ | |
| "countryName":"China" | |
| }, | |
| "city":{ | |
| "cityName":"Hefei" | |
| }, | |
| "geoLocation":{ | |
| "lat":31.8642, | |
| "lon":117.2865 | |
| } | |
| } | |
| } | |
| ], | |
| "blocked":false | |
| } | |
| }, | |
| "resourceRole":"TARGET", | |
| "additionalInfo":{ | |
| "threatName":"Scanner", | |
| "threatListName":"ProofPoint" | |
| }, | |
| "eventFirstSeen":"2018-09-06T01:07:59Z", | |
| "eventLastSeen":"2020-01-17T14:35:56Z", | |
| "archived":false, | |
| "count":1419 | |
| }, | |
| "severity":9, | |
| "createdAt":"2018-09-06T01:47:26.838Z", | |
| "updatedAt":"2020-01-17T14:45:30.249Z", | |
| "title":"Unprotected port on EC2 instance i-115ddbe0 is being probed.", | |
| "description":"EC2 instance has an unprotected port which is being probed by a known malicious host." | |
| } | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment