Filename: rdpTimeShift.pcap
Status: Analysis complete
IDS: suricata-3.2.3
Ruleset: etopen-all
Runtime: 8.2344918251 seconds
Hash: 243593a222454f6a302c7799f85d7cad
Uploaded: 1564763712

Logfiles


packet_stats.log (5149 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3231           424942      583079218     393522200       1271.5b   99.95
 IPv4     256             2           424942      583079218     291752080        583.5m    0.05
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3230           104812       23292700        241833        781.1m   90.44
TMM_RECEIVEPCAPFILE         IPv4       6          3230             4428       17648680         14754         47.7m    5.52
TMM_DECODEPCAPFILE          IPv4       6          3230             4564        4794608         10814         34.9m    4.04

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot          %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------    ---
flow                    IPv4       6          3230             4718        2313152          6068         19.6m  2.77  
stream                  IPv4       6          3230             4774       19018768         12573         40.6m  5.74  
detect                  IPv4       6          3231            76602       23247540        200213        646.9m  91.48 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------
Proto detect            IPv4       6             3             4826          15668         10366         31.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot          %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------    ---
LOGGER_ALERT_FAST           IPv4       6             2            81224         153862        117543        235.1k  2.54  
LOGGER_UNIFIED2             IPv4       6             2            91144         194424        142784        285.6k  3.09  
LOGGER_JSON_ALERT           IPv4       6             2            76848        8644038       4360443          8.7m  94.37 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2284             4446         246434         19404        44.3m  34.57 
stream                            IPv4       6          2284             4410       14236568         36730        83.9m  65.43 
Total                             IPv4                  4568                                         28067       128.2m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot          %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------    ---
PROF_DETECT_IPONLY          IPv4       6             2            22896          57138         40017         80.0k  0.01  
PROF_DETECT_RULES           IPv4       6          3231             4428       22968158         61853        199.8m  28.29 
PROF_DETECT_STATEFUL        IPv4       6          3231             4386         285102          5193         16.8m  2.38  
PROF_DETECT_PREFILTER       IPv4       6          3231            13406       14305376         72366        233.8m  33.10 
PROF_DETECT_PF_PAYLOAD      IPv4       6          2284            22562       14274780         70566        161.2m  22.82 
PROF_DETECT_PF_SORT1        IPv4       6           903             4416          84574          5065          4.6m  0.65  
PROF_DETECT_PF_SORT2        IPv4       6          3231             4408        2246448          5863         18.9m  2.68  
PROF_DETECT_NONMPMLIST      IPv4       6          3231             4406          68734          4921         15.9m  2.25  
PROF_DETECT_ALERT           IPv4       6          3231             4408         359910          4956         16.0m  2.27  
PROF_DETECT_CLEANUP         IPv4       6          3231             4428          48408          4924         15.9m  2.25  
PROF_DETECT_GETSGH          IPv4       6          3231             4398        7224924          7232         23.4m  3.31  


suricata-3.2.3-etopen-all-perf.txt-2019-08-02-T-16-35-21-08022019.1632-rdpTimeShift.pcap.txt (8126 bytes)
  --------------------------------------------------------------------------
  Date: 8/2/2019 -- 16:35:21
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2001330      1        8        79385066     49.48  2092     2        22929406    37946.97    36597.00    37948.26   
  2        2014386      1        2        58900212     36.71  1025     1        17536608    57463.62    44012.00    57476.76   
  3        2018373      1        3        9007966      5.61   63       0        6940774     142983.59   0.00        142983.59  
  4        2018377      1        3        2095156      1.31   63       0        100910      33256.44    0.00        33256.44   
  5        2017548      1        6        1470038      0.92   45       0        94390       32667.51    0.00        32667.51   
  6        2020788      1        2        119552       0.07   2        0        93894       59776.00    0.00        59776.00   
  7        2018789      1        3        84968        0.05   1        0        84968       84968.00    0.00        84968.00   
  8        2018375      1        3        2096866      1.31   63       0        77510       33283.59    0.00        33283.59   
  9        2014385      1        5        48034        0.03   1        1        48034       48034.00    48034.00    0.00       
  10       2024776      1        1        485732       0.30   93       0        46330       5222.92     0.00        5222.92    
  11       2020786      1        4        44858        0.03   1        0        44858       44858.00    0.00        44858.00   
  12       2021151      1        1        261022       0.16   48       0        44194       5437.96     0.00        5437.96    
  13       2001972      1        20       38478        0.02   1        1        38478       38478.00    38478.00    0.00       
  14       2024775      1        1        553362       0.34   93       0        36206       5950.13     0.00        5950.13    
  15       2018077      1        5        29618        0.02   1        0        29618       29618.00    0.00        29618.00   
  16       2018069      1        1        29044        0.02   1        0        29044       29044.00    0.00        29044.00   
  17       2020783      1        3        28574        0.02   1        0        28574       28574.00    0.00        28574.00   
  18       2020692      1        1        26886        0.02   1        0        26886       26886.00    0.00        26886.00   
  19       2020765      1        2        25862        0.02   1        0        25862       25862.00    0.00        25862.00   
  20       2018638      1        2        25842        0.02   1        0        25842       25842.00    0.00        25842.00   
  21       2020774      1        2        25752        0.02   1        0        25752       25752.00    0.00        25752.00   
  22       2022132      1        1        45372        0.03   2        0        25608       22686.00    0.00        22686.00   
  23       2013479      1        5        25030        0.02   1        1        25030       25030.00    25030.00    0.00       
  24       2020661      1        3        453766       0.28   85       0        21510       5338.42     0.00        5338.42    
  25       2012236      1        2        204840       0.13   41       0        21452       4996.10     0.00        4996.10    
  26       2102190      1        5        137186       0.09   26       0        21288       5276.38     0.00        5276.38    
  27       2014130      1        2        188338       0.12   37       0        21246       5090.22     0.00        5090.22    
  28       2024777      1        2        334812       0.21   63       0        20860       5314.48     0.00        5314.48    
  29       2018382      1        8        343798       0.21   63       0        20256       5457.11     0.00        5457.11    
  30       2018477      1        1        502324       0.31   102      0        20144       4924.75     0.00        4924.75    
  31       2020371      1        2        31364        0.02   2        0        16036       15682.00    0.00        15682.00   
  32       2014384      1        8        33988        0.02   3        0        15230       11329.33    0.00        11329.33   
  33       2018487      1        4        14924        0.01   1        0        14924       14924.00    0.00        14924.00   
  34       2018292      1        1        192396       0.12   40       0        13722       4809.90     0.00        4809.90    
  35       2021701      1        1        382210       0.24   79       0        9376        4838.10     0.00        4838.10    
  36       2024778      1        1        420490       0.26   86       0        8896        4889.42     0.00        4889.42    
  37       2103158      1        6        640476       0.40   135      0        8546        4744.27     0.00        4744.27    
  38       2021702      1        1        375904       0.23   79       0        8262        4758.28     0.00        4758.28    
  39       2022547      1        1        408116       0.25   86       0        7932        4745.53     0.00        4745.53    
  40       2009387      1        4        233542       0.15   47       0        7284        4968.98     0.00        4968.98    
  41       2019313      1        3        203962       0.13   39       0        6802        5229.79     0.00        5229.79    
  42       2015986      1        5        120254       0.07   25       0        6360        4810.16     0.00        4810.16    
  43       2018281      1        4        6250         0.00   1        0        6250        6250.00     0.00        6250.00    
  44       2021152      1        1        212524       0.13   46       0        6110        4620.09     0.00        4620.09    
  45       2018558      1        5        6062         0.00   1        0        6062        6062.00     0.00        6062.00    
  46       2103159      1        4        21220        0.01   4        0        5866        5305.00     0.00        5305.00    
  47       2103238      1        4        5834         0.00   1        0        5834        5834.00     0.00        5834.00    
  48       2018067      1        3        5618         0.00   1        0        5618        5618.00     0.00        5618.00    
  49       2019809      1        2        10754        0.01   2        0        5534        5377.00     0.00        5377.00    
  50       2100327      1        10       21464        0.01   4        0        5470        5366.00     0.00        5366.00    
  51       2017935      1        3        9936         0.01   2        0        5442        4968.00     0.00        4968.00    
  52       2008302      1        3        10532        0.01   2        0        5426        5266.00     0.00        5266.00    
  53       2021978      1        6        5400         0.00   1        0        5400        5400.00     0.00        5400.00    
  54       2102523      1        8        5326         0.00   1        0        5326        5326.00     0.00        5326.00    
  55       2018063      1        3        5302         0.00   1        0        5302        5302.00     0.00        5302.00    
  56       2008306      1        3        9958         0.01   2        0        5208        4979.00     0.00        4979.00    
  57       2102523      1        8        4986         0.00   1        0        4986        4986.00     0.00        4986.00    
  58       2018625      1        5        4478         0.00   1        0        4478        4478.00     0.00        4478.00    
  59       2022868      1        4        4468         0.00   1        0        4468        4468.00     0.00        4468.00    
  60       2021976      1        2        4438         0.00   1        0        4438        4438.00     0.00        4438.00    


suricata-report-2019-08-02-T-16-35-21-08022019.1632-rdpTimeShift.pcap.txt (15629 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata323/bin/suricata -c /opt/suricata323/etc/etopen/suricata323-etopen-all.yaml -l /var/www/html/243593a222454f6a302c7799f85d7cad48e27f38cb3cf6f107cf7657e8f7c584 -r /var/pcap/08022019.1632-rdpTimeShift.pcap -vvv -k none
elapsedtime:7.287230
stderr:
stdout:
2/8/2019 -- 16:35:13 - <Info> - Configuration node 'rule-files' redefined.
2/8/2019 -- 16:35:13 - <Notice> - This is Suricata version 3.2.3 RELEASE
2/8/2019 -- 16:35:13 - <Info> - CPUs/cores online: 1
2/8/2019 -- 16:35:13 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33882 and 'request-body-inspect-window' set to 16211 after randomization.
2/8/2019 -- 16:35:13 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33695 and 'response-body-inspect-window' set to 16872 after randomization.
2/8/2019 -- 16:35:13 - <Config> - DNS request flood protection level: 500
2/8/2019 -- 16:35:13 - <Config> - DNS per flow memcap (state-memcap): 524288
2/8/2019 -- 16:35:13 - <Config> - DNS global memcap: 16777216
2/8/2019 -- 16:35:13 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
2/8/2019 -- 16:35:13 - <Config> - preallocated 1000 hosts of size 136
2/8/2019 -- 16:35:13 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
2/8/2019 -- 16:35:13 - <Config> - using magic-file /usr/share/file/magic
2/8/2019 -- 16:35:13 - <Config> - Core dump size is unlimited.
2/8/2019 -- 16:35:13 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
2/8/2019 -- 16:35:13 - <Config> - preallocated 1000 defrag trackers of size 168
2/8/2019 -- 16:35:13 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
2/8/2019 -- 16:35:13 - <Config> - stream "prealloc-sessions": 2048 (per thread)
2/8/2019 -- 16:35:13 - <Config> - stream "memcap": 33554432
2/8/2019 -- 16:35:13 - <Config> - stream "midstream" session pickups: disabled
2/8/2019 -- 16:35:13 - <Config> - stream "async-oneside": disabled
2/8/2019 -- 16:35:13 - <Config> - stream "checksum-validation": disabled
2/8/2019 -- 16:35:13 - <Config> - stream."inline": disabled
2/8/2019 -- 16:35:13 - <Config> - stream "bypass": disabled
2/8/2019 -- 16:35:13 - <Config> - stream "max-synack-queued": 5
2/8/2019 -- 16:35:13 - <Config> - stream.reassembly "memcap": 134217728
2/8/2019 -- 16:35:13 - <Config> - stream.reassembly "depth": 0
2/8/2019 -- 16:35:13 - <Config> - stream.reassembly "toserver-chunk-size": 2460
2/8/2019 -- 16:35:13 - <Config> - stream.reassembly "toclient-chunk-size": 2655
2/8/2019 -- 16:35:13 - <Config> - stream.reassembly.raw: enabled
2/8/2019 -- 16:35:13 - <Config> - segment pool: pktsize 4, prealloc 256
2/8/2019 -- 16:35:13 - <Config> - segment pool: pktsize 16, prealloc 512
2/8/2019 -- 16:35:13 - <Config> - segment pool: pktsize 112, prealloc 512
2/8/2019 -- 16:35:13 - <Config> - segment pool: pktsize 248, prealloc 512
2/8/2019 -- 16:35:13 - <Config> - segment pool: pktsize 512, prealloc 512
2/8/2019 -- 16:35:13 - <Config> - segment pool: pktsize 768, prealloc 1024
2/8/2019 -- 16:35:13 - <Config> - segment pool: pktsize 1460, prealloc 1024
2/8/2019 -- 16:35:13 - <Config> - segment pool: pktsize 65535, prealloc 128
2/8/2019 -- 16:35:13 - <Config> - stream.reassembly "chunk-prealloc": 250
2/8/2019 -- 16:35:13 - <Config> - stream.reassembly "zero-copy-size": 128
2/8/2019 -- 16:35:13 - <Config> - Delayed detect disabled
2/8/2019 -- 16:35:13 - <Config> - pattern matchers: MPM: ac, SPM: bm
2/8/2019 -- 16:35:13 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
2/8/2019 -- 16:35:13 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
2/8/2019 -- 16:35:13 - <Config> - prefilter engines: MPM
2/8/2019 -- 16:35:13 - <Config> - IP reputation disabled
2/8/2019 -- 16:35:13 - <Perf> - Registered 132 keyword profiling counters.
2/8/2019 -- 16:35:13 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-ftp.rules
2/8/2019 -- 16:35:13 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-policy.rules
2/8/2019 -- 16:35:14 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-trojan.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-games.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-pop3.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-user_agents.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-activex.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-rpc.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-attack_response.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-icmp.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-scan.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-voip.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-chat.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-icmp_info.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-info.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-shellcode.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-web_client.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-imap.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-web_server.rules
2/8/2019 -- 16:35:15 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-current_events.rules
2/8/2019 -- 16:35:16 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-inappropriate.rules
2/8/2019 -- 16:35:16 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-smtp.rules
2/8/2019 -- 16:35:16 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-web_specific_apps.rules
2/8/2019 -- 16:35:17 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-deleted.rules
2/8/2019 -- 16:35:17 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-malware.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-snmp.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-worm.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-dns.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-misc.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-sql.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-dos.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-netbios.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-telnet.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-exploit.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-p2p.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-tftp.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-emerging-mobile_malware.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-botcc.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-compromised.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-drop.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-dshield.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-tor.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/ET-ciarmy.rules
2/8/2019 -- 16:35:18 - <Config> - Loading rule file: /opt/suricata323/etc/etopen/local.rules
2/8/2019 -- 16:35:18 - <Info> - 44 rule files processed. 18223 rules successfully loaded, 0 rules failed
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for tcp-packet
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for tcp-stream
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for udp-packet
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for other-ip
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_uri
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_request_line
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_client_body
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_response_line
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_header
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_header
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_raw_header
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_raw_header
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_method
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_cookie
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_cookie
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_raw_uri
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_user_agent
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_host
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_raw_host
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_stat_msg
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_stat_code
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for dns_query
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for tls_sni
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for tls_cert_issuer
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for tls_cert_subject
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for file_data
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for file_data
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_request_line
2/8/2019 -- 16:35:18 - <Perf> - using shared mpm ctx' for http_response_line
2/8/2019 -- 16:35:18 - <Info> - 18228 signatures processed. 1175 are IP-only rules, 6224 are inspecting packet payload, 13147 inspect application layer, 0 are decoder event only
2/8/2019 -- 16:35:18 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
2/8/2019 -- 16:35:18 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
2/8/2019 -- 16:35:18 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
2/8/2019 -- 16:35:18 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
2/8/2019 -- 16:35:18 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
2/8/2019 -- 16:35:18 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
2/8/2019 -- 16:35:18 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
2/8/2019 -- 16:35:19 - <Perf> - Unique rule groups: 111
2/8/2019 -- 16:35:19 - <Perf> - Builtin MPM "toserver TCP packet": 31
2/8/2019 -- 16:35:19 - <Perf> - Builtin MPM "toclient TCP packet": 20
2/8/2019 -- 16:35:19 - <Perf> - Builtin MPM "toserver TCP stream": 31
2/8/2019 -- 16:35:19 - <Perf> - Builtin MPM "toclient TCP stream": 21
2/8/2019 -- 16:35:19 - <Perf> - Builtin MPM "toserver UDP packet": 33
2/8/2019 -- 16:35:19 - <Perf> - Builtin MPM "toclient UDP packet": 15
2/8/2019 -- 16:35:19 - <Perf> - Builtin MPM "other IP packet": 2
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_uri": 8
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_client_body": 6
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_header": 6
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toclient http_header": 3
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_method": 3
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_cookie": 1
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toclient http_cookie": 2
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_user_agent": 3
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver http_host": 1
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toserver dns_query": 4
2/8/2019 -- 16:35:19 - <Perf> - AppLayer MPM "toclient file_data": 5
2/8/2019 -- 16:35:19 - <Perf> - Registered 18228 rule profiling counters.
2/8/2019 -- 16:35:20 - <Info> - Threshold config parsed: 0 rule(s) found
2/8/2019 -- 16:35:20 - <Info> - fast output device (regular) initialized: alert
2/8/2019 -- 16:35:20 - <Info> - eve-log output device (regular) initialized: eve.json
2/8/2019 -- 16:35:20 - <Config> - enabling 'eve-log' module 'alert'
2/8/2019 -- 16:35:20 - <Config> - enabling 'eve-log' module 'http'
2/8/2019 -- 16:35:20 - <Config> - enabling 'eve-log' module 'dns'
2/8/2019 -- 16:35:20 - <Config> - enabling 'eve-log' module 'tls'
2/8/2019 -- 16:35:20 - <Config> - enabling 'eve-log' module 'files'
2/8/2019 -- 16:35:20 - <Config> - enabling 'eve-log' module 'ssh'
2/8/2019 -- 16:35:20 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
2/8/2019 -- 16:35:20 - <Info> - stats output device (regular) initialized: stats.log
2/8/2019 -- 16:35:20 - <Config> - AutoFP mode using "Hash" flow load balancer
2/8/2019 -- 16:35:20 - <Info> - reading pcap file /var/pcap/08022019.1632-rdpTimeShift.pcap
2/8/2019 -- 16:35:20 - <Config> - using 1 flow manager threads
2/8/2019 -- 16:35:20 - <Config> - using 1 flow recycler threads
2/8/2019 -- 16:35:20 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
2/8/2019 -- 16:35:20 - <Info> - No packets with invalid checksum, assuming checksum offloading is NOT used
2/8/2019 -- 16:35:20 - <Info> - pcap file end of file reached (pcap err code 0)
2/8/2019 -- 16:35:20 - <Notice> - Signal Received.  Stopping engine.
2/8/2019 -- 16:35:20 - <Perf> - 0 new flows, 0 established flows were timed out, 0 flows in closed state
2/8/2019 -- 16:35:20 - <Info> - time elapsed 0.373s
2/8/2019 -- 16:35:21 - <Perf> - 1 flows processed
2/8/2019 -- 16:35:21 - <Notice> - Pcap-file module read 3230 packets, 3068249 bytes
2/8/2019 -- 16:35:21 - <Perf> - AutoFP - Total flow handler queues - 1
2/8/2019 -- 16:35:21 - <Perf> - ippair memory usage: 398144 bytes, maximum: 16777216
2/8/2019 -- 16:35:21 - <Perf> - Done dumping profiling data.
2/8/2019 -- 16:35:21 - <Perf> - host memory usage: 398144 bytes, maximum: 16777216
2/8/2019 -- 16:35:21 - <Perf> - Dumping profiling data for 18228 rules.
2/8/2019 -- 16:35:21 - <Perf> - Done dumping profiling data.
2/8/2019 -- 16:35:21 - <Perf> - Done dumping keyword profiling data.
2/8/2019 -- 16:35:21 - <Info> - cleaning up signature grouping structure... complete
returncode: 0
errors:
warnings:


stats.log (2165 bytes)
------------------------------------------------------------------------------------
Date: 8/2/2019 -- 16:35:21 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3230
decoder.bytes                              | Total                     | 3068249
decoder.ipv4                               | Total                     | 3230
decoder.ethernet                           | Total                     | 3230
decoder.tcp                                | Total                     | 3230
decoder.avg_pkt_size                       | Total                     | 949
decoder.max_pkt_size                       | Total                     | 1514
tcp.sessions                               | Total                     | 1
tcp.pseudo                                 | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 2
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 1
app_layer.flow.failed_tcp                  | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65536
tcp.memuse                                 | Total                     | 409600
tcp.reassembly_memuse                      | Total                     | 12332832
flow.memuse                                | Total                     | 7074592


eve.json - (727 bytes)
{"timestamp":"2019-07-23T04:52:55.380696+0000","flow_id":1897351508111041,"pcap_cnt":6,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}}
{"timestamp":"2019-07-23T04:53:08.919008+0000","flow_id":1897351508111041,"pcap_cnt":64,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}}


unified2.alert.1564763720 - (4489 bytes)
[binary unified2 data, not renderable as text: the file carries the event and packet records for the two alerts in this run. A readable fragment inside the logged packet bytes is an X.509 certificate whose issuer and subject are both CN=WIN-S3427JHLOSJ0, with ASN.1 UTCTime validity 190521132121Z (2019-05-21 13:21:21 UTC) to 191120132121Z (2019-11-20 13:21:21 UTC).]


suricata-3.2.3-etopen-all-alert-2019-08-02-T-16-35-21-08022019.1632-rdpTimeShift.pcap.txt - (358 bytes)
07/23/2019-04:52:55.380696  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
07/23/2019-04:53:08.919008  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
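The eve.json records, the fast-format alert lines and the stats.log counters in this run describe the same two events three ways. The script below is an added example, not part of the IDSDeathBlossom report and not Suricata code: it parses all three formats (the sample inputs are constructed by copying the records shown above and embedding them, so it runs offline) and checks that they agree with each other, which is the first thing to do when a fast log and an EVE log from the same sensor drift apart. Every fast line must have a matching EVE record by timestamp, gid:sid:rev and 5-tuple, the alert count must equal detect.alert, and the number of distinct flow_ids must equal tcp.sessions. All function and constant names are the example's own.

```python
"""Reconcile Suricata's eve.json, fast-format alert file and stats.log for one run.

Added example; not part of the IDSDeathBlossom report and not Suricata code.
The three sample inputs are constructed by copying records from the report.
"""
import json
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample: the two EVE alert records from the report's eve.json.
EVE_JSON = """\
{"timestamp":"2019-07-23T04:52:55.380696+0000","flow_id":1897351508111041,"pcap_cnt":6,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}}
{"timestamp":"2019-07-23T04:53:08.919008+0000","flow_id":1897351508111041,"pcap_cnt":64,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}}
"""

# Constructed sample: the same two alerts from the report's fast-format file.
FAST_LOG = """\
07/23/2019-04:52:55.380696  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
07/23/2019-04:53:08.919008  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
"""

# Constructed sample: the stats.log counters this check needs, copied from the report.
STATS_LOG = """\
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3230
tcp.sessions                               | Total                     | 1
detect.alert                               | Total                     | 2
app_layer.flow.failed_tcp                  | Total                     | 1
"""

# Fast format: TS  [**] [gid:sid:rev] msg [**] [Classification: x] [Priority: n] {PROTO} src:port -> dst:port
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+):(?P<sport>\d+)\s+->\s+(?P<dst>\S+):(?P<dport>\d+)\s*$"
)
# stats.log rows: "counter.name | TM Name | integer"; header and rule lines do not match.
STATS_RE = re.compile(r"^(?P<name>[\w.]+)\s*\|\s*[^|]*\|\s*(?P<value>\d+)\s*$")


def parse_eve(text):
    """Return only the alert events from an EVE file (one JSON object per line)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if line:
            ev = json.loads(line)
            if ev.get("event_type") == "alert":
                events.append(ev)
    return events


def parse_fast(text):
    """Parse fast-format alert lines; a non-empty line in another format is an error."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FAST_RE.match(line)
        if m is None:
            raise ValueError("not a fast-format alert line: %r" % line)
        rec = m.groupdict()
        rec["raw"] = line
        records.append(rec)
    return records


def parse_stats(text):
    """Return {counter_name: int} from a stats.log dump."""
    return {m.group("name"): int(m.group("value"))
            for m in map(STATS_RE.match, text.splitlines()) if m}


def _eve_key(ev):
    # EVE carries an offset, the fast log does not; both print the sensor's local
    # wall clock, so drop the offset rather than converting, and compare naive times.
    ts = datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z").replace(tzinfo=None)
    a = ev["alert"]
    return (ts, a["gid"], a["signature_id"], a["rev"],
            ev["src_ip"], ev["src_port"], ev["dest_ip"], ev["dest_port"])


def _fast_key(rec):
    ts = datetime.strptime(rec["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    return (ts, int(rec["gid"]), int(rec["sid"]), int(rec["rev"]),
            rec["src"], int(rec["sport"]), rec["dst"], int(rec["dport"]))


def reconcile(eve_text=EVE_JSON, fast_text=FAST_LOG, stats_text=STATS_LOG):
    """Cross-check the three artefacts and report where they disagree."""
    eve, fast, stats = parse_eve(eve_text), parse_fast(fast_text), parse_stats(stats_text)
    pool = Counter(_eve_key(ev) for ev in eve)   # multiset: duplicate alerts count separately
    unmatched_fast = []
    for rec in fast:
        k = _fast_key(rec)
        if pool[k] > 0:
            pool[k] -= 1
        else:
            unmatched_fast.append(rec["raw"])
    flows = defaultdict(list)
    for ev in eve:
        flows[ev["flow_id"]].append(ev["pcap_cnt"])
    return {
        "eve_alerts": len(eve),
        "fast_alerts": len(fast),
        "stats_detect_alert": stats.get("detect.alert"),
        "counts_agree": len(eve) == len(fast) == stats.get("detect.alert"),
        "unmatched_fast": unmatched_fast,
        "unmatched_eve": sum(pool.values()),
        "flows": {fid: sorted(c) for fid, c in flows.items()},
        "flow_count_matches_sessions": len(flows) == stats.get("tcp.sessions"),
        "per_sid": dict(Counter(ev["alert"]["signature_id"] for ev in eve)),
    }


if __name__ == "__main__":
    print(json.dumps(reconcile(), indent=2, default=str))
```

On this report reconcile() returns counts_agree True and flows {1897351508111041: [6, 64]}: both alerts are matches inside the single TCP session the stats count, 13 seconds apart at packets 6 and 64. Timestamps are compared as sensor-local wall-clock time because the fast log carries no UTC offset while EVE does; if the two files come from sensors in different zones, convert the EVE timestamp with astimezone() before dropping the offset.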


keyword_perf.log - (4872 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/2/2019 -- 16:35:21
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            24926           5               3               5562            4985.00         4942.00         5049.00        
  flow             5071666         1029            1029            33314           4928.00         4928.00         0.00           
  threshold        28642           2               0               23662           14321.00        0.00            14321.00       
  content          40885976        3588            63              22889588        11395.00        10192.00        11416.00       
  pcre             50126           2               0               45238           25063.00        0.00            25063.00       
  byte_jump        386188          54              0               71432           7151.00         0.00            7151.00        
  flowbits         17161136        1028            5               11749956        16693.00        5640.00         16747.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            24926           5               3               5562            4985.00         4942.00         5049.00        
  flow             5071666         1029            1029            33314           4928.00         4928.00         0.00           
  flowbits         17143606        1025            2               11749956        16725.00        5336.00         16747.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          40885976        3588            63              22889588        11395.00        10192.00        11416.00       
  pcre             50126           2               0               45238           25063.00        0.00            25063.00       
  byte_jump        386188          54              0               71432           7151.00         0.00            7151.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         17530           3               3               7398            5843.00         5843.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        28642           2               0               23662           14321.00        0.00            14321.00       


IDSDeathBlossom.py.log - (1155 bytes)
2019-08-02 16:35:13,119 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-02 16:35:13,864 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-02 16:35:13,864 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-3.2.3-etopen-all
2019-08-02 16:35:13,864 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-02 16:35:13,864 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-02 16:35:13,864 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata323/bin/suricata -c /opt/suricata323/etc/etopen/suricata323-etopen-all.yaml -l /var/www/html/243593a222454f6a302c7799f85d7cad48e27f38cb3cf6f107cf7657e8f7c584 -r /var/pcap/08022019.1632-rdpTimeShift.pcap -vvv -k none
2019-08-02 16:35:21,154 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-02 16:35:21,155 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 8.04426193237