Filename: 097c8e2a-6b50-455c-846d-cc2b149831c5.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.3800258636 seconds
Hash: 0ad1c1d7fa8759d61531440d8096ef07
Uploaded: 1548855006

Logfiles


suricata-4.0.0-etpro-all-alert-2019-01-30-T-13-30-30-01302019.1330-097c8e2a-6b50-455c-846d-cc2b149831c5.pcap.txt - (203 bytes)
01/24/2019-13:03:57.710415  [**] [1:2016778:5] ET DNS Query to a *.pw domain - Likely Hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.100.186:64036 -> 192.168.100.2:53


packet_stats.log - (14942 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           874          4968162      307745800     186362760        162.9b   94.50
 IPv4      17            58          3222608      313436099     151901573          8.8b    5.11
 IPv6      17             9          3556557      309061749      74683521        672.2m    0.39
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           874            71489       16566641        353488        308.9m   89.64
TMM_FLOWWORKER              IPv4      17            58           118150       15262433        492358         28.6m    8.29
TMM_RECEIVEPCAPFILE         IPv4       6           873             2547          31331          3042          2.7m    0.77
TMM_RECEIVEPCAPFILE         IPv4      17            58             2560          12239          3076        178.5k    0.05
TMM_DECODEPCAPFILE          IPv4       6           873             2647          53230          3024          2.6m    0.77
TMM_DECODEPCAPFILE          IPv4      17            58             2682          31535          3741        217.0k    0.06
TMM_FLOWWORKER              IPv6      17             9           108189         241915        155946          1.4m    0.41
TMM_RECEIVEPCAPFILE         IPv6      17             9             2618           2855          2780         25.0k    0.01
TMM_DECODEPCAPFILE          IPv6      17             9             2698          16119          4766         42.9k    0.01

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           873             2831          35832          3353          2.9m  0.95  
flow                    IPv4      17            58             2674          10491          3733        216.6k  0.07  
stream                  IPv4       6           874             2715         261373          7491          6.5m  2.12  
app-layer               IPv4      17            58             2521          31476          5360        310.9k  0.10  
detect                  IPv4       6           874            45950       16527764        324305        283.4m  91.64 
detect                  IPv4      17            58           101819         588117        203634         11.8m  3.82  
tcp-prune               IPv4       6           874             2553          50205          3139          2.7m  0.89  
flow                    IPv6      17             9             2825          15964          5113         46.0k  0.01  
app-layer               IPv6      17             9             2620          10557          5533         49.8k  0.02  
detect                  IPv6      17             9            91955         215737        134399          1.2m  0.39  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2            17102          21841         19471         38.9k  12.19 
dns                     IPv4      17             6             5262          17157          8448         50.7k  15.86 
http                    IPv6      17             1           229910         229910        229910        229.9k  71.95 
Proto detect            IPv4      17            12             2709          21145          6659         79.9k
Proto detect            IPv6      17             4             3030           4627          3615         14.5k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4      17             1           109946         109946        109946        109.9k  0.70  
LOGGER_UNIFIED2             IPv4      17             1           200682         200682        200682        200.7k  1.27  
LOGGER_JSON_ALERT           IPv4      17             1            89201          89201         89201         89.2k  0.56  
LOGGER_JSON_DNS             IPv4      17             6            35532       14750374       2510624         15.1m  95.30 
LOGGER_JSON_HTTP            IPv4       6             1           170668         170668        170668        170.7k  1.08  
LOGGER_JSON_FILE            IPv4       6             1           171758         171758        171758        171.8k  1.09  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           589             2866          91768         16140         9.5m  9.84  
payload                           IPv4      17            58             3133          47351         11838       686.6k  0.71  
stream                            IPv4       6           589             2540         664602         27559        16.2m  16.80 
http_uri                          IPv4       6             1            11868          11868         11868        11.9k  0.01  
http_request_line                 IPv4       6             1             7961           7961          7961         8.0k  0.01  
http_client_body                  IPv4       6             1             7901           7901          7901         7.9k  0.01  
http_header (request)             IPv4       6             1            46353          46353         46353        46.4k  0.05  
http_header (request trailer)     IPv4       6             1             2650           2650          2650         2.7k  0.00  
http_header_names (request)       IPv4       6             1            21113          21113         21113        21.1k  0.02  
http_accept (request)             IPv4       6             1             5008           5008          5008         5.0k  0.01  
http_referer (request)            IPv4       6             1             3942           3942          3942         3.9k  0.00  
http_content_len (request)        IPv4       6             1             4289           4289          4289         4.3k  0.00  
http_content_type (request)       IPv4       6             1             3756           3756          3756         3.8k  0.00  
http_protocol (request)           IPv4       6             1             6768           6768          6768         6.8k  0.01  
http_start (request)              IPv4       6             1            13764          13764         13764        13.8k  0.01  
http_raw_header (request)         IPv4       6             1            16663          16663         16663        16.7k  0.02  
http_method                       IPv4       6             1             6329           6329          6329         6.3k  0.01  
http_cookie (request)             IPv4       6             1             4203           4203          4203         4.2k  0.00  
http_raw_uri                      IPv4       6             1             5296           5296          5296         5.3k  0.01  
http_user_agent                   IPv4       6             1            16516          16516         16516        16.5k  0.02  
http_host                         IPv4       6             1             9598           9598          9598         9.6k  0.01  
dns_query                         IPv4      17             3             8727          13372         11243        33.7k  0.03  
http_response_line                IPv4       6             1            11384          11384         11384        11.4k  0.01  
http_header (response)            IPv4       6             1            54767          54767         54767        54.8k  0.06  
http_header (response trailer)    IPv4       6             1             3291           3291          3291         3.3k  0.00  
http_content_type (response)      IPv4       6             1            11361          11361         11361        11.4k  0.01  
http_raw_header (response)        IPv4       6           581             4036          66822          4613         2.7m  2.77  
http_cookie (response)            IPv4       6             1             3128           3128          3128         3.1k  0.00  
http_stat_code                    IPv4       6             1             4271           4271          4271         4.3k  0.00  
file_data (http response)         IPv4       6           580             2557       15968327        115744        67.1m  69.47 
Total                             IPv4                  2424                                         39832        96.6m
payload                           IPv6      17             9             3315          26811          9169        82.5k  0.09  
Total                             IPv6                     9                                          9169        82.5k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            12954          60044         36499         73.0k  0.02  
PROF_DETECT_IPONLY          IPv4      17            12            37393         111084         54109        649.3k  0.16  
PROF_DETECT_RULES           IPv4       6           874             2538       14027753        123650        108.1m  26.05 
PROF_DETECT_RULES           IPv4      17            58            44241         415620        114106          6.6m  1.60  
PROF_DETECT_STATEFUL_START    IPv4       6           481             5115        4059107         80844         38.9m  9.37  
PROF_DETECT_STATEFUL_START    IPv4      17             1            19474          19474         19474         19.5k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6           874             2761          53408         12083         10.6m  2.55  
PROF_DETECT_STATEFUL_CONT    IPv4      17            58             2505          41860          3900        226.3k  0.05  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           870             2543          23180          2780          2.4m  0.58  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             6             2702           3307          2977         17.9k  0.00  
PROF_DETECT_PREFILTER       IPv4       6           874             8191       16171355        138801        121.3m  29.24 
PROF_DETECT_PREFILTER       IPv4      17            58            23765          72178         36136          2.1m  0.51  
PROF_DETECT_PF_PAYLOAD      IPv4       6           589            14251         702278         52070         30.7m  7.39  
PROF_DETECT_PF_PAYLOAD      IPv4      17            58             8228          52665         17380          1.0m  0.24  
PROF_DETECT_PF_TX           IPv4       6           870             2542       15986800         87295         75.9m  18.31 
PROF_DETECT_PF_TX           IPv4      17             3            14622          19305         17290         51.9k  0.01  
PROF_DETECT_PF_SORT1        IPv4       6           301             2551          16703          3414          1.0m  0.25  
PROF_DETECT_PF_SORT1        IPv4      17            58             2579          17622          3784        219.5k  0.05  
PROF_DETECT_PF_SORT2        IPv4       6           874             2522          36082          2898          2.5m  0.61  
PROF_DETECT_PF_SORT2        IPv4      17            58             2545           4529          2933        170.2k  0.04  
PROF_DETECT_NONMPMLIST      IPv4       6           874             2546          27026          2967          2.6m  0.63  
PROF_DETECT_NONMPMLIST      IPv4      17            58             2518           3715          2842        164.9k  0.04  
PROF_DETECT_ALERT           IPv4       6           874             2519          43640          2885          2.5m  0.61  
PROF_DETECT_ALERT           IPv4      17            58             2531          11442          2844        165.0k  0.04  
PROF_DETECT_CLEANUP         IPv4       6           874             2555          55537          2970          2.6m  0.63  
PROF_DETECT_CLEANUP         IPv4      17            58             2520           5553          2848        165.2k  0.04  
PROF_DETECT_GETSGH          IPv4       6           874             2518          59029          3000          2.6m  0.63  
PROF_DETECT_GETSGH          IPv4      17            58             2532          79686          4943        286.7k  0.07  
PROF_DETECT_IPONLY          IPv6      17             4             3469           7811          5526         22.1k  0.01  
PROF_DETECT_RULES           IPv6      17             9            33675         112827         58212        523.9k  0.13  
PROF_DETECT_STATEFUL_CONT    IPv6      17             9             2560           3369          2884         26.0k  0.01  
PROF_DETECT_PREFILTER       IPv6      17             9            24218          49755         31695        285.3k  0.07  
PROF_DETECT_PF_PAYLOAD      IPv6      17             9             8541          31962         14405        129.6k  0.03  
PROF_DETECT_PF_SORT1        IPv6      17             9             2595           4216          3159         28.4k  0.01  
PROF_DETECT_PF_SORT2        IPv6      17             9             2540           3073          2686         24.2k  0.01  
PROF_DETECT_NONMPMLIST      IPv6      17             9             2524           2798          2718         24.5k  0.01  
PROF_DETECT_ALERT           IPv6      17             9             2529           3124          2643         23.8k  0.01  
PROF_DETECT_CLEANUP         IPv6      17             9             2524           3334          2829         25.5k  0.01  
PROF_DETECT_GETSGH          IPv6      17             9             2604          19053          5681         51.1k  0.01  


unified2.alert.1548855028 - (169 bytes)


stats.log - (3215 bytes)
------------------------------------------------------------------------------------
Date: 1/30/2019 -- 13:30:30 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1396
decoder.bytes                              | Total                     | 531708
decoder.ipv4                               | Total                     | 931
decoder.ipv6                               | Total                     | 9
decoder.ethernet                           | Total                     | 1396
decoder.tcp                                | Total                     | 873
decoder.udp                                | Total                     | 67
decoder.avg_pkt_size                       | Total                     | 380
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 1
flow.udp                                   | Total                     | 13
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.dns_udp                     | Total                     | 3
app_layer.tx.dns_udp                       | Total                     | 3
app_layer.flow.failed_udp                  | Total                     | 10
flow_mgr.new_pruned                        | Total                     | 9
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 13
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.flows_timeout                     | Total                     | 10
flow_mgr.flows_timeout_inuse               | Total                     | 1
flow_mgr.flows_removed                     | Total                     | 9
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65523
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078336


eve.json - (3450 bytes)
{"timestamp":"2019-01-24T13:01:34.478556+0000","flow_id":246315152723292,"pcap_cnt":43,"event_type":"dns","src_ip":"192.168.100.186","src_port":52618,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33039,"rrname":"office365advance.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T13:01:34.758996+0000","flow_id":246315152723292,"pcap_cnt":46,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.186","dest_port":52618,"proto":"UDP","dns":{"type":"answer","id":33039,"rcode":"NOERROR","rrname":"office365advance.com","rrtype":"A","ttl":599,"rdata":"185.68.93.84"}}
{"timestamp":"2019-01-24T13:01:35.020517+0000","flow_id":1668748191637572,"pcap_cnt":919,"event_type":"http","src_ip":"192.168.100.186","src_port":49212,"dest_ip":"185.68.93.84","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"office365advance.com","url":"\/update","http_user_agent":"Windows Installer","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-01-24T13:01:56.644771+0000","flow_id":608999372543651,"pcap_cnt":963,"event_type":"dns","src_ip":"192.168.100.186","src_port":50348,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57257,"rrname":"vesecase.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T13:01:56.673540+0000","flow_id":608999372543651,"pcap_cnt":964,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.186","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"vesecase.com","rrtype":"A","ttl":1798,"rdata":"127.0.0.1"}}
{"timestamp":"2019-01-24T13:03:57.710415+0000","flow_id":1056655231801103,"pcap_cnt":1184,"event_type":"alert","src_ip":"192.168.100.186","src_port":64036,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2016778,"rev":5,"signature":"ET DNS Query to a *.pw domain - Likely Hostile","category":"Potentially Bad Traffic","severity":2},"app_proto":"dns"}
{"timestamp":"2019-01-24T13:03:57.710415+0000","flow_id":1056655231801103,"pcap_cnt":1184,"event_type":"dns","src_ip":"192.168.100.186","src_port":64036,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":65363,"rrname":"afsssdrfrm.pw","rrtype":"A","tx_id":0}}
{"timestamp":"2019-01-24T13:03:57.724097+0000","flow_id":1056655231801103,"pcap_cnt":1185,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.186","dest_port":64036,"proto":"UDP","dns":{"type":"answer","id":65363,"rcode":"NXDOMAIN","rrname":"afsssdrfrm.pw"}}
{"timestamp":"2019-01-24T13:03:57.724097+0000","flow_id":1056655231801103,"pcap_cnt":1185,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.186","dest_port":64036,"proto":"UDP","dns":{"type":"answer","id":65363,"rcode":"NXDOMAIN","rrname":"pw","rrtype":"SOA","ttl":1562}}
{"timestamp":"2019-01-24T13:06:30.904893+0000","flow_id":1668748191637572,"event_type":"fileinfo","src_ip":"185.68.93.84","src_port":80,"dest_ip":"192.168.100.186","dest_port":49212,"proto":"TCP","http":{"hostname":"office365advance.com","url":"\/update","http_user_agent":"Windows Installer","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":454656},"app_proto":"http","fileinfo":{"filename":"\/update","gaps":false,"state":"CLOSED","stored":false,"size":454656,"tx_id":0}}


keyword_perf.log - (10441 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 1/30/2019 -- 13:30:30
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             5870003         2003            2003            50842           2930.00         2930.00         0.00           
  content          29468908        1275            385             3703935         23112.00        42030.00        14929.00       
  pcre             668227          164             0               19746           4074.00         0.00            4074.00        
  byte_test        496124          160             100             6082            3100.00         3112.00         3081.00        
  byte_jump        64233           22              21              4227            2919.00         2923.00         2839.00        
  isdataat         8764            3               0               3085            2921.00         0.00            2921.00        
  flowbits         2186464         754             12              53628           2899.00         3608.00         2888.00        
  urilen           6182            2               1               3151            3091.00         3031.00         3151.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             5870003         2003            2003            50842           2930.00         2930.00         0.00           
  flowbits         2173823         752             10              53628           2890.00         3066.00         2888.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3584013         305             151             176849          11750.00        13467.00        10067.00       
  pcre             70560           10              0               19746           7056.00         0.00            7056.00        
  byte_test        496124          160             100             6082            3100.00         3112.00         3081.00        
  byte_jump        61394           21              21              4227            2923.00         2923.00         0.00           
  isdataat         8764            3               0               3085            2921.00         0.00            2921.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         12641           2               2               9563            6320.00         6320.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25682           7               2               5479            3668.00         4367.00         3389.00        
  urilen           6182            2               1               3151            3091.00         3031.00         3151.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3048            1               0               3048            3048.00         0.00            3048.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25715209        927             214             3703935         27740.00        65720.00        16340.00       
  pcre             573381          152             0               18184           3772.00         0.00            3772.00        
  byte_jump        2839            1               0               2839            2839.00         0.00            2839.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          91764           22              13              5868            4171.00         4304.00         3978.00        
  pcre             24286           2               0               15761           12143.00        0.00            12143.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          30042           8               1               4102            3755.00         4056.00         3712.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7891            2               1               3958            3945.00         3958.00         3933.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3673            1               1               3673            3673.00         3673.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          7586            2               2               4481            3793.00         3793.00         0.00           


suricata-4.0.0-etpro-all-perf.txt-2019-01-30-T-13-30-30-01302019.1330-097c8e2a-6b50-455c-846d-cc2b149831c5.pcap.txt - (40662 bytes) - download
  --------------------------------------------------------------------------
  Date: 1/30/2019 -- 13:30:30. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022132      1        1        13892271     13.64  24       0        13813747    578844.62   0.00        578844.62  
  2        2014958      1        1        8055089      7.91   10       0        7929554     805508.90   0.00        805508.90  
  3        2012520      1        7        3753014      3.68   1        1        3753014     3753014.00  3753014.00  0.00       
  4        2020865      1        3        5652300      5.55   44       0        296745      128461.36   0.00        128461.36  
  5        2820158      1        2        4706735      4.62   32       0        215947      147085.47   0.00        147085.47  
  6        2801929      1        7        462792       0.45   6        0        196331      77132.00    0.00        77132.00   
  7        2801930      1        7        422115       0.41   6        0        193380      70352.50    0.00        70352.50   
  8        2803027      1        6        512112       0.50   10       0        190483      51211.20    0.00        51211.20   
  9        2819930      1        2        6645621      6.52   46       0        185126      144470.02   0.00        144470.02  
  10       2802987      1        5        747492       0.73   18       0        182875      41527.33    0.00        41527.33   
  11       2820157      1        2        4474649      4.39   32       0        179610      139832.78   0.00        139832.78  
  12       2819664      1        2        6585295      6.47   46       0        172080      143158.59   0.00        143158.59  
  13       2809145      1        2        881625       0.87   8        0        154592      110203.12   0.00        110203.12  
  14       2804927      1        2        363223       0.36   6        0        146277      60537.17    0.00        60537.17   
  15       2804906      1        3        311012       0.31   5        0        129317      62202.40    0.00        62202.40   
  16       2802991      1        5        505592       0.50   9        0        117771      56176.89    0.00        56176.89   
  17       2803657      1        5        262114       0.26   4        0        111481      65528.50    0.00        65528.50   
  18       2812915      1        4        548848       0.54   9        0        107721      60983.11    0.00        60983.11   
  19       2019707      1        2        523295       0.51   8        0        98932       65411.88    0.00        65411.88   
  20       2812914      1        4        567066       0.56   9        0        93616       63007.33    0.00        63007.33   
  21       2812952      1        2        511962       0.50   9        0        92510       56884.67    0.00        56884.67   
  22       2819694      1        2        858039       0.84   55       0        81157       15600.71    0.00        15600.71   
  23       2812950      1        2        506402       0.50   9        0        80332       56266.89    0.00        56266.89   
  24       2804508      1        2        78450        0.08   1        0        78450       78450.00    0.00        78450.00   
  25       2018789      1        3        77709        0.08   1        0        77709       77709.00    0.00        77709.00   
  26       2812951      1        2        493952       0.48   9        0        73654       54883.56    0.00        54883.56   
  27       2805348      1        4        725173       0.71   15       0        72707       48344.87    0.00        48344.87   
  28       2016537      1        2        4055887      3.98   281      0        72421       14433.76    0.00        14433.76   
  29       2009909      1        10       70240        0.07   1        0        70240       70240.00    0.00        70240.00   
  30       2009897      1        14       69704        0.07   1        0        69704       69704.00    0.00        69704.00   
  31       2013441      1        9        69150        0.07   1        0        69150       69150.00    0.00        69150.00   
  32       2024650      1        1        1312551      1.29   87       0        65803       15086.79    0.00        15086.79   
  33       2014473      1        5        585147       0.57   38       0        64217       15398.61    0.00        15398.61   
  34       2022552      1        2        1131587      1.11   53       0        64090       21350.70    0.00        21350.70   
  35       2815287      1        3        418659       0.41   9        0        61119       46517.67    0.00        46517.67   
  36       2804911      1        3        468252       0.46   11       0        58404       42568.36    0.00        42568.36   
  37       2815254      1        7        58345        0.06   1        0        58345       58345.00    0.00        58345.00   
  38       2014819      1        3        57824        0.06   1        0        57824       57824.00    0.00        57824.00   
  39       2819857      1        1        57673        0.06   1        0        57673       57673.00    0.00        57673.00   
  40       2806802      1        2        2605320      2.56   129      0        55933       20196.28    0.00        20196.28   
  41       2810481      1        4        790710       0.78   38       0        54761       20808.16    0.00        20808.16   
  42       2816530      1        2        50549        0.05   1        0        50549       50549.00    0.00        50549.00   
  43       2804907      1        3        87131        0.09   2        0        49538       43565.50    0.00        43565.50   
  44       2016948      1        2        695435       0.68   49       0        48779       14192.55    0.00        14192.55   
  45       2811041      1        3        271777       0.27   12       0        47464       22648.08    0.00        22648.08   
  46       2014519      1        7        1127296      1.11   55       0        47119       20496.29    0.00        20496.29   
  47       2018316      1        4        47100        0.05   1        0        47100       47100.00    0.00        47100.00   
  48       2805985      1        2        46546        0.05   1        0        46546       46546.00    0.00        46546.00   
  49       2025315      1        1        45998        0.05   1        0        45998       45998.00    0.00        45998.00   
  50       2020569      1        1        45416        0.04   1        0        45416       45416.00    0.00        45416.00   
  51       2018982      1        2        45135        0.04   1        0        45135       45135.00    0.00        45135.00   
  52       2016112      1        3        507335       0.50   35       0        44861       14495.29    0.00        14495.29   
  53       2807400      1        3        44724        0.04   1        0        44724       44724.00    0.00        44724.00   
  54       2024771      1        1        3018359      2.96   581      0        44101       5195.11     0.00        5195.11    
  55       2808234      1        1        43782        0.04   1        0        43782       43782.00    0.00        43782.00   
  56       2022050      1        3        43664        0.04   1        0        43664       43664.00    0.00        43664.00   
  57       2008438      1        20       42653        0.04   1        0        42653       42653.00    0.00        42653.00   
  58       2018375      1        3        154593       0.15   10       0        41728       15459.30    0.00        15459.30   
  59       2807130      1        4        674209       0.66   47       0        40415       14344.87    0.00        14344.87   
  60       2810353      1        5        39662        0.04   1        0        39662       39662.00    0.00        39662.00   
  61       2809306      1        4        909483       0.89   63       0        36425       14436.24    0.00        14436.24   
  62       2802044      1        4        36162        0.04   1        0        36162       36162.00    0.00        36162.00   
  63       2018667      1        3        35806        0.04   1        0        35806       35806.00    0.00        35806.00   
  64       2017552      1        6        3793049      3.72   282      0        35676       13450.53    0.00        13450.53   
  65       2802177      1        3        35469        0.03   1        0        35469       35469.00    0.00        35469.00   
  66       2816356      1        2        35093        0.03   1        0        35093       35093.00    0.00        35093.00   
  67       2013250      1        3        34653        0.03   1        0        34653       34653.00    0.00        34653.00   
  68       2804158      1        3        34599        0.03   1        0        34599       34599.00    0.00        34599.00   
  69       2022008      1        3        34438        0.03   1        0        34438       34438.00    0.00        34438.00   
  70       2804157      1        4        34049        0.03   1        0        34049       34049.00    0.00        34049.00   
  71       2018666      1        4        33824        0.03   1        0        33824       33824.00    0.00        33824.00   
  72       2018959      1        3        33130        0.03   1        0        33130       33130.00    0.00        33130.00   
  73       2820931      1        2        205992       0.20   13       0        33095       15845.54    0.00        15845.54   
  74       2020742      1        1        32767        0.03   1        0        32767       32767.00    0.00        32767.00   
  75       2019834      1        2        32563        0.03   1        1        32563       32563.00    32563.00    0.00       
  76       2811537      1        1        35205        0.03   2        0        31951       17602.50    0.00        17602.50   
  77       2811542      1        1        31648        0.03   1        0        31648       31648.00    0.00        31648.00   
  78       2020741      1        1        31572        0.03   1        0        31572       31572.00    0.00        31572.00   
  79       2024829      1        2        918168       0.90   47       0        31516       19535.49    0.00        19535.49   
  80       2809532      1        1        34801        0.03   2        0        31449       17400.50    0.00        17400.50   
  81       2024909      1        2        825547       0.81   43       0        30894       19198.77    0.00        19198.77   
  82       2816330      1        2        30618        0.03   1        0        30618       30618.00    0.00        30618.00   
  83       2012981      1        5        56441        0.06   2        0        30373       28220.50    0.00        28220.50   
  84       2802043      1        3        30056        0.03   1        0        30056       30056.00    0.00        30056.00   
  85       2010140      1        7        244473       0.24   59       0        29616       4143.61     0.00        4143.61    
  86       2810451      1        5        53940        0.05   9        0        29485       5993.33     0.00        5993.33    
  87       2820926      1        2        189889       0.19   13       0        29478       14606.85    0.00        14606.85   
  88       2814226      1        2        179201       0.18   12       0        29279       14933.42    0.00        14933.42   
  89       2807878      1        2        29246        0.03   1        0        29246       29246.00    0.00        29246.00   
  90       2821615      1        2        28802        0.03   1        0        28802       28802.00    0.00        28802.00   
  91       2829249      1        2        28777        0.03   1        0        28777       28777.00    0.00        28777.00   
  92       2023622      1        3        211244       0.21   64       0        28680       3300.69     0.00        3300.69    
  93       2804973      1        3        28550        0.03   1        0        28550       28550.00    0.00        28550.00   
  94       2805292      1        3        28415        0.03   1        0        28415       28415.00    0.00        28415.00   
  95       2020496      1        2        28157        0.03   1        0        28157       28157.00    0.00        28157.00   
  96       2008575      1        5        28032        0.03   1        0        28032       28032.00    0.00        28032.00   
  97       2020295      1        6        27984        0.03   1        0        27984       27984.00    0.00        27984.00   
  98       2014702      1        9        65948        0.06   6        0        27617       10991.33    0.00        10991.33   
  99       2810852      1        2        176324       0.17   12       0        27369       14693.67    0.00        14693.67   
  100      2016379      1        5        175184       0.17   12       0        26959       14598.67    0.00        14598.67   
  101      2014353      1        6        26873        0.03   1        0        26873       26873.00    0.00        26873.00   
  102      2016143      1        3        522584       0.51   37       0        26377       14123.89    0.00        14123.89   
  103      2010968      1        7        66703        0.07   4        0        26377       16675.75    0.00        16675.75   
  104      2819887      1        2        26203        0.03   1        0        26203       26203.00    0.00        26203.00   
  105      2016778      1        5        26180        0.03   1        1        26180       26180.00    26180.00    0.00       
  106      2017748      1        6        520198       0.51   38       0        25974       13689.42    0.00        13689.42   
  107      2016502      1        2        376964       0.37   27       0        25556       13961.63    0.00        13961.63   
  108      2008184      1        10       25541        0.03   1        0        25541       25541.00    0.00        25541.00   
  109      2804858      1        2        25442        0.02   1        0        25442       25442.00    0.00        25442.00   
  110      2822886      1        2        24004        0.02   1        0        24004       24004.00    0.00        24004.00   
  111      2829858      1        2        23525        0.02   1        0        23525       23525.00    0.00        23525.00   
  112      2001330      1        8        1336137      1.31   478      0        22841       2795.27     0.00        2795.27    
  113      2820079      1        2        22723        0.02   1        0        22723       22723.00    0.00        22723.00   
  114      2803139      1        3        22691        0.02   1        0        22691       22691.00    0.00        22691.00   
  115      2008782      1        5        22624        0.02   1        0        22624       22624.00    0.00        22624.00   
  116      2828008      1        2        22609        0.02   1        0        22609       22609.00    0.00        22609.00   
  117      2009028      1        11       22574        0.02   1        0        22574       22574.00    0.00        22574.00   
  118      2802880      1        3        42051        0.04   2        0        22516       21025.50    0.00        21025.50   
  119      2012612      1        16       22462        0.02   1        0        22462       22462.00    0.00        22462.00   
  120      2816165      1        5        22307        0.02   1        0        22307       22307.00    0.00        22307.00   
  121      2012707      1        5        22112        0.02   1        0        22112       22112.00    0.00        22112.00   
  122      2826256      1        2        22105        0.02   1        0        22105       22105.00    0.00        22105.00   
  123      2802876      1        3        22049        0.02   1        0        22049       22049.00    0.00        22049.00   
  124      2018241      1        2        22018        0.02   1        0        22018       22018.00    0.00        22018.00   
  125      2013352      1        4        2

This file has been truncated.


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-01-30 13:30:07,080 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-01-30 13:30:07,794 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-01-30 13:30:07,794 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-01-30 13:30:07,794 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-01-30 13:30:07,795 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-01-30 13:30:07,795 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0ad1c1d7fa8759d61531440d8096ef0756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01302019.1330-097c8e2a-6b50-455c-846d-cc2b149831c5.pcap -vvv -k none
2019-01-30 13:30:30,253 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-01-30 13:30:30,254 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.1820268631


suricata-report-2019-01-30-T-13-30-30-01302019.1330-097c8e2a-6b50-455c-846d-cc2b149831c5.pcap.txt - (17817 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/0ad1c1d7fa8759d61531440d8096ef0756b33745cb75ec8c950e11a498e082d2 -r /var/pcap/01302019.1330-097c8e2a-6b50-455c-846d-cc2b149831c5.pcap -vvv -k none
elapsedtime:22.457305
stderr:
stdout:
30/1/2019 -- 13:30:07 - <Info> - Configuration node 'rule-files' redefined.
30/1/2019 -- 13:30:07 - <Notice> - This is Suricata version 4.0.0 RELEASE
30/1/2019 -- 13:30:07 - <Info> - CPUs/cores online: 1
30/1/2019 -- 13:30:07 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33839 and 'request-body-inspect-window' set to 15658 after randomization.
30/1/2019 -- 13:30:07 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31967 and 'response-body-inspect-window' set to 15987 after randomization.
30/1/2019 -- 13:30:07 - <Config> - DNS request flood protection level: 500
30/1/2019 -- 13:30:07 - <Config> - DNS per flow memcap (state-memcap): 524288
30/1/2019 -- 13:30:07 - <Config> - DNS global memcap: 16777216
30/1/2019 -- 13:30:07 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
30/1/2019 -- 13:30:07 - <Config> - preallocated 1000 hosts of size 136
30/1/2019 -- 13:30:07 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
30/1/2019 -- 13:30:07 - <Config> - using magic-file /usr/share/file/magic
30/1/2019 -- 13:30:07 - <Config> - Core dump size is unlimited.
30/1/2019 -- 13:30:07 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
30/1/2019 -- 13:30:07 - <Config> - preallocated 1000 defrag trackers of size 168
30/1/2019 -- 13:30:07 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
30/1/2019 -- 13:30:07 - <Config> - stream "prealloc-sessions": 2048 (per thread)
30/1/2019 -- 13:30:07 - <Config> - stream "memcap": 33554432
30/1/2019 -- 13:30:07 - <Config> - stream "midstream" session pickups: disabled
30/1/2019 -- 13:30:07 - <Config> - stream "async-oneside": disabled
30/1/2019 -- 13:30:07 - <Config> - stream "checksum-validation": disabled
30/1/2019 -- 13:30:07 - <Config> - stream."inline": disabled
30/1/2019 -- 13:30:07 - <Config> - stream "bypass": disabled
30/1/2019 -- 13:30:07 - <Config> - stream "max-synack-queued": 5
30/1/2019 -- 13:30:07 - <Config> - stream.reassembly "memcap": 134217728
30/1/2019 -- 13:30:07 - <Config> - stream.reassembly "depth": 0
30/1/2019 -- 13:30:07 - <Config> - stream.reassembly "toserver-chunk-size": 2522
30/1/2019 -- 13:30:07 - <Config> - stream.reassembly "toclient-chunk-size": 2504
30/1/2019 -- 13:30:07 - <Config> - stream.reassembly.raw: enabled
30/1/2019 -- 13:30:07 - <Config> - stream.reassembly "segment-prealloc": 2048
30/1/2019 -- 13:30:07 - <Config> - Delayed detect disabled
30/1/2019 -- 13:30:07 - <Config> - pattern matchers: MPM: ac, SPM: bm
30/1/2019 -- 13:30:07 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
30/1/2019 -- 13:30:07 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
30/1/2019 -- 13:30:07 - <Config> - prefilter engines: MPM
30/1/2019 -- 13:30:07 - <Config> - IP reputation disabled
30/1/2019 -- 13:30:07 - <Perf> - Registered 148 keyword profiling counters.
30/1/2019 -- 13:30:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
30/1/2019 -- 13:30:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
30/1/2019 -- 13:30:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
30/1/2019 -- 13:30:12 - <Config> - No rules loaded from ET-icmp.rules.
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
30/1/2019 -- 13:30:12 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
30/1/2019 -- 13:30:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
30/1/2019 -- 13:30:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
30/1/2019 -- 13:30:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
30/1/2019 -- 13:30:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
30/1/2019 -- 13:30:13 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
30/1/2019 -- 13:30:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
30/1/2019 -- 13:30:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
30/1/2019 -- 13:30:16 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
30/1/2019 -- 13:30:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
30/1/2019 -- 13:30:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
30/1/2019 -- 13:30:19 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
30/1/2019 -- 13:30:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
30/1/2019 -- 13:30:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
30/1/2019 -- 13:30:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
30/1/2019 -- 13:30:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
30/1/2019 -- 13:30:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
30/1/2019 -- 13:30:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
30/1/2019 -- 13:30:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
30/1/2019 -- 13:30:21 - <Config> - No rules loaded from local.rules.
30/1/2019 -- 13:30:21 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
30/1/2019 -- 13:30:21 - <Info> - Threshold config parsed: 0 rule(s) found
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for tcp-packet
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for tcp-stream
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for udp-packet
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for other-ip
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_uri
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_request_line
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_client_body
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_response_line
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_header
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_header
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_header_names
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_header_names
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_accept
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_accept_enc
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_accept_lang
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_referer
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_connection
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_content_len
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_content_len
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_content_type
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_content_type
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_protocol
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_protocol
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_start
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_start
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_raw_header
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_raw_header
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_method
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_cookie
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_cookie
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_raw_uri
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_user_agent
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_host
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_raw_host
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_stat_msg
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_stat_code
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for dns_query
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for tls_sni
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for tls_cert_issuer
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for tls_cert_subject
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for tls_cert_serial
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for dce_stub_data
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for dce_stub_data
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for ssh_protocol
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for ssh_protocol
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for ssh_software
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for ssh_software
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for file_data
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for file_data
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_request_line
30/1/2019 -- 13:30:21 - <Perf> - using shared mpm ctx' for http_response_line
30/1/2019 -- 13:30:21 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
30/1/2019 -- 13:30:21 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
30/1/2019 -- 13:30:21 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
30/1/2019 -- 13:30:21 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
30/1/2019 -- 13:30:21 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
30/1/2019 -- 13:30:22 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
30/1/2019 -- 13:30:22 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
30/1/2019 -- 13:30:22 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
30/1/2019 -- 13:30:26 - <Perf> - Unique rule groups: 104
30/1/2019 -- 13:30:26 - <Perf> - Builtin MPM "toserver TCP packet": 35
30/1/2019 -- 13:30:26 - <Perf> - Builtin MPM "toclient TCP packet": 17
30/1/2019 -- 13:30:26 - <Perf> - Builtin MPM "toserver TCP stream": 33
30/1/2019 -- 13:30:26 - <Perf> - Builtin MPM "toclient TCP stream": 19
30/1/2019 -- 13:30:26 - <Perf> - Builtin MPM "toserver UDP packet": 27
30/1/2019 -- 13:30:26 - <Perf> - Builtin MPM "toclient UDP packet": 17
30/1/2019 -- 13:30:26 - <Perf> - Builtin MPM "other IP packet": 3
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_uri": 14
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_request_line": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_client_body": 6
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient http_response_line": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_header": 10
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient http_header": 6
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_header_names": 2
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_accept": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_referer": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_content_len": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_content_type": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient http_content_type": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_protocol": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_start": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_method": 5
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_cookie": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient http_cookie": 2
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver http_host": 2
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver dns_query": 4
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver tls_sni": 2
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toserver file_data": 1
30/1/2019 -- 13:30:26 - <Perf> - AppLayer MPM "toclient file_data": 7
30/1/2019 -- 13:30:28 - <Perf> - Registered 39590 rule profiling counters.
30/1/2019 -- 13:30:28 - <Info> - fast output device (regular) initialized: alert
30/1/2019 -- 13:30:28 - <Info> - eve-log output device (regular) initialized: eve.json
30/1/2019 -- 13:30:28 - <Config> - enabling 'eve-log' module 'alert'
30/1/2019 -- 13:30:28 - <Config> - enabling 'eve-log' module 'http'
30/1/2019 -- 13:30:28 - <Config> - enabling 'eve-log' module 'dns'
30/1/2019 -- 13:30:28 - <Config> - enabling 'eve-log' module 'tls'
30/1/2019 -- 13:30:28 - <Config> - enabling 'eve-log' module 'files'
30/1/2019 -- 13:30:28 - <Config> - enabling 'eve-log' module 'ssh'
30/1/2019 -- 13:30:28 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
30/1/2019 -- 13:30:28 - <Info> - stats output device (regular) initialized: stats.log
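The `fast` output device initialized above writes one alert per line in Suricata's fast-log format: timestamp, an optional `[Drop]`/`[wDrop]` action marker, `[gid:sid:rev]`, the rule message, classification, priority, protocol and the `src:port -> dst:port` tuple. As an added example (not part of this run's output and not Suricata's own code), the following Python parses that format over constructed sample lines, handles the action prefix and IPv6 addresses (the port is whatever follows the last colon), and offers two small triage helpers. The sample alerts, SIDs and addresses are made up for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed sample lines in fast-log format (not taken from the page).
SAMPLE_FAST_LOG = """\
01/24/2019-13:03:57.710415  [**] [1:1000001:3] TEST DNS query to watched TLD [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 10.0.0.25:49152 -> 10.0.0.2:53
01/24/2019-13:04:02.000100  [Drop] [**] [1:1000002:1] TEST HTTP suspicious user-agent [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.0.0.25:50011 -> 203.0.113.10:80
01/24/2019-13:04:05.123456  [**] [1:1000003:2] TEST ICMP probe [**] [Classification: Misc activity] [Priority: 3] {ICMP} 2001:db8::1:0 -> 2001:db8::2:0
"""

# One regex for the whole line. The address groups are greedy (\S+) and
# backtrack to the last ':' so IPv6 literals parse correctly; ICMP alerts
# carry port 0 on both sides.
FAST_RE = re.compile(r"""
    ^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+
    (?:\[(?P<action>w?Drop)\]\s+)?
    \[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+
    (?P<msg>.*?)\s+\[\*\*\]\s+
    \[Classification:\s*(?P<classification>.*?)\]\s+
    \[Priority:\s*(?P<priority>\d+)\]\s+
    \{(?P<proto>[^}]+)\}\s+
    (?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$
""", re.VERBOSE)


@dataclass
class Alert:
    timestamp: datetime
    action: Optional[str]   # None for plain alerts, "Drop" or "wDrop" otherwise
    gid: int
    sid: int
    rev: int
    msg: str
    classification: str
    priority: int
    proto: str
    src: str
    sport: int
    dst: str
    dport: int


def parse_fast_line(line: str) -> Optional[Alert]:
    """Parse one fast-log line; return None for lines that do not match."""
    m = FAST_RE.match(line.rstrip("\n"))
    if not m:
        return None
    return Alert(
        timestamp=datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f"),
        action=m["action"],
        gid=int(m["gid"]), sid=int(m["sid"]), rev=int(m["rev"]),
        msg=m["msg"], classification=m["classification"],
        priority=int(m["priority"]), proto=m["proto"],
        src=m["src"], sport=int(m["sport"]),
        dst=m["dst"], dport=int(m["dport"]),
    )


def parse_fast_log(text: str) -> List[Alert]:
    """Parse a whole fast-log file body, skipping blank or malformed lines."""
    alerts = []
    for line in text.splitlines():
        a = parse_fast_line(line)
        if a is not None:
            alerts.append(a)
    return alerts


def count_by_signature(alerts: List[Alert]) -> List[Tuple[Tuple[int, int, str], int]]:
    """(gid, sid, msg) -> hit count, most frequent first; a quick noise check."""
    return Counter((a.gid, a.sid, a.msg) for a in alerts).most_common()


def high_priority(alerts: List[Alert], max_priority: int = 1) -> List[Alert]:
    """Alerts at or above the given priority (lower number = more severe)."""
    return [a for a in alerts if a.priority <= max_priority]


if __name__ == "__main__":
    parsed = parse_fast_log(SAMPLE_FAST_LOG)
    for key, n in count_by_signature(parsed):
        print(f"{n:4d}  {key[0]}:{key[1]}  {key[2]}")
    for a in high_priority(parsed):
        print(f"P{a.priority} {a.action or 'alert'} {a.proto} {a.src}:{a.sport} -> {a.dst}:{a.dport}  {a.msg}")
```

Point the `parse_fast_log` call at the contents of the `alert` file this run produced instead of `SAMPLE_FAST_LOG` to triage real output; the eve.json stream carries the same alerts as JSON and is the better choice when you need the full packet and flow context.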
30/1/2019 -- 13:30:28 - <Config> - AutoFP mode using "Hash" flow load balancer
30/1/2019 -- 13:30:28 - <Info> - reading pcap file /var/pcap/01302019.1330-097c8e2a-6b50-455c-846d-cc2b149831c5.pcap
30/1/2019 -- 13:30:28 - <Config> - us

This file has been truncated.