Filename: rdpTimeShift.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.8755660057 seconds
Hash: 243593a222454f6a302c7799f85d7cad
Uploaded: 1564763536

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-08-02-T-16-32-40-08022019.1632-rdpTimeShift.pcap.txt - (13141 bytes)
  --------------------------------------------------------------------------
  Date: 8/2/2019 -- 16:32:40. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2001330      1        8        42111534     47.57  2092     2        6778850     20129.80    38130.00    20112.57   
  2        2811447      1        2        4657450      5.26   72       0        488866      64686.81    0.00        64686.81   
  3        2018789      1        3        120474       0.14   1        0        120474      120474.00   0.00        120474.00  
  4        2020788      1        2        123606       0.14   2        0        97010       61803.00    0.00        61803.00   
  5        2018375      1        3        1413538      1.60   63       0        96340       22437.11    0.00        22437.11   
  6        2014386      1        2        24812236     28.03  1025     1        88936       24207.06    43498.00    24188.22   
  7        2828876      1        1        708078       0.80   141      0        76660       5021.83     0.00        5021.83    
  8        2014385      1        5        58310        0.07   1        1        58310       58310.00    58310.00    0.00       
  9        2001972      1        20       58306        0.07   1        1        58306       58306.00    58306.00    0.00       
  10       2017548      1        6        1415330      1.60   45       0        50554       31451.78    0.00        31451.78   
  11       2020786      1        4        50064        0.06   1        0        50064       50064.00    0.00        50064.00   
  12       2018373      1        3        1379654      1.56   63       0        41784       21899.27    0.00        21899.27   
  13       2018377      1        3        1354330      1.53   63       0        39172       21497.30    0.00        21497.30   
  14       2022132      1        1        56964        0.06   2        0        31140       28482.00    0.00        28482.00   
  15       2020692      1        1        30758        0.03   1        0        30758       30758.00    0.00        30758.00   
  16       2018077      1        5        29714        0.03   1        0        29714       29714.00    0.00        29714.00   
  17       2020783      1        3        29578        0.03   1        0        29578       29578.00    0.00        29578.00   
  18       2828877      1        1        209908       0.24   40       0        28066       5247.70     0.00        5247.70    
  19       2802987      1        5        209780       0.24   39       0        27844       5378.97     0.00        5378.97    
  20       2018638      1        2        27588        0.03   1        0        27588       27588.00    0.00        27588.00   
  21       2020765      1        2        27538        0.03   1        0        27538       27538.00    0.00        27538.00   
  22       2815451      1        2        43424        0.05   2        0        26218       21712.00    0.00        21712.00   
  23       2823966      1        1        42252        0.05   2        0        26130       21126.00    0.00        21126.00   
  24       2020774      1        2        25954        0.03   1        0        25954       25954.00    0.00        25954.00   
  25       2013479      1        5        25150        0.03   1        1        25150       25150.00    25150.00    0.00       
  26       2018382      1        8        352640       0.40   63       0        23704       5597.46     0.00        5597.46    
  27       2816382      1        1        223394       0.25   41       0        22566       5448.63     0.00        5448.63    
  28       2801914      1        2        238340       0.27   41       0        22458       5813.17     0.00        5813.17    
  29       2024776      1        1        481672       0.54   94       0        22070       5124.17     0.00        5124.17    
  30       2103158      1        6        680092       0.77   136      0        21888       5000.68     0.00        5000.68    
  31       2801929      1        7        205504       0.23   32       0        20756       6422.00     0.00        6422.00    
  32       2021702      1        1        416466       0.47   79       0        20648       5271.72     0.00        5271.72    
  33       2801930      1        7        173544       0.20   32       0        20520       5423.25     0.00        5423.25    
  34       2020661      1        3        453374       0.51   85       0        20422       5333.81     0.00        5333.81    
  35       2021151      1        1        238762       0.27   48       0        20136       4974.21     0.00        4974.21    
  36       2024775      1        1        471852       0.53   94       0        19960       5019.70     0.00        5019.70    
  37       2803657      1        5        185976       0.21   37       0        19928       5026.38     0.00        5026.38    
  38       2812033      1        3        17370        0.02   1        0        17370       17370.00    0.00        17370.00   
  39       2018069      1        1        17324        0.02   1        0        17324       17324.00    0.00        17324.00   
  40       2020371      1        2        32368        0.04   2        0        16188       16184.00    0.00        16184.00   
  41       2014384      1        8        20528        0.02   2        0        16040       10264.00    0.00        10264.00   
  42       2018487      1        4        16040        0.02   1        0        16040       16040.00    0.00        16040.00   
  43       2806561      1        5        15880        0.02   1        0        15880       15880.00    0.00        15880.00   
  44       2024777      1        2        329592       0.37   63       0        9020        5231.62     0.00        5231.62    
  45       2024778      1        1        435756       0.49   86       0        8464        5066.93     0.00        5066.93    
  46       2804911      1        3        252302       0.29   53       0        8318        4760.42     0.00        4760.42    
  47       2018477      1        1        494132       0.56   102      0        8270        4844.43     0.00        4844.43    
  48       2021701      1        1        378698       0.43   79       0        8108        4793.65     0.00        4793.65    
  49       2102523      1        8        7434         0.01   1        0        7434        7434.00     0.00        7434.00    
  50       2804906      1        3        205364       0.23   43       0        7112        4775.91     0.00        4775.91    
  51       2022547      1        1        423430       0.48   86       0        6886        4923.60     0.00        4923.60    
  52       2009387      1        4        234132       0.26   47       0        6748        4981.53     0.00        4981.53    
  53       2017935      1        3        12028        0.01   2        0        6578        6014.00     0.00        6014.00    
  54       2803027      1        6        187252       0.21   39       0        6420        4801.33     0.00        4801.33    
  55       2018292      1        1        188336       0.21   40       0        6332        4708.40     0.00        4708.40    
  56       2019313      1        3        191674       0.22   39       0        6234        4914.72     0.00        4914.72    
  57       2008302      1        3        11440        0.01   2        0        6232        5720.00     0.00        5720.00    
  58       2100327      1        10       21912        0.02   4        0        6190        5478.00     0.00        5478.00    
  59       2012236      1        2        191444       0.22   41       0        6188        4669.37     0.00        4669.37    
  60       2015986      1        5        112362       0.13   24       0        6186        4681.75     0.00        4681.75    
  61       2102190      1        5        123706       0.14   26       0        6020        4757.92     0.00        4757.92    
  62       2103159      1        4        26822        0.03   5        0        6006        5364.40     0.00        5364.40    
  63       2008306      1        3        11042        0.01   2        0        6004        5521.00     0.00        5521.00    
  64       2828748      1        2        191872       0.22   40       0        5840        4796.80     0.00        4796.80    
  65       2804907      1        3        193572       0.22   42       0        5652        4608.86     0.00        4608.86    
  66       2018558      1        5        5634         0.01   1        0        5634        5634.00     0.00        5634.00    
  67       2804927      1        2        199188       0.23   43       0        5624        4632.28     0.00        4632.28    
  68       2811636      1        1        5600         0.01   1        0        5600        5600.00     0.00        5600.00    
  69       2021976      1        2        5598         0.01   1        0        5598        5598.00     0.00        5598.00    
  70       2809256      1        3        5534         0.01   1        0        5534        5534.00     0.00        5534.00    
  71       2809487      1        2        119350       0.13   26       0        5504        4590.38     0.00        4590.38    
  72       2103238      1        4        5488         0.01   1        0        5488        5488.00     0.00        5488.00    
  73       2021152      1        1        211464       0.24   46       0        5484        4597.04     0.00        4597.04    
  74       2810453      1        3        5480         0.01   1        0        5480        5480.00     0.00        5480.00    
  75       2019809      1        2        10728        0.01   2        0        5456        5364.00     0.00        5364.00    
  76       2808175      1        1        9954         0.01   2        0        5456        4977.00     0.00        4977.00    
  77       2018281      1        4        5450         0.01   1        0        5450        5450.00     0.00        5450.00    
  78       2809132      1        1        5438         0.01   1        0        5438        5438.00     0.00        5438.00    
  79       2802991      1        5        169160       0.19   36       0        5404        4698.89     0.00        4698.89    
  80       2821018      1        1        5296         0.01   1        0        5296        5296.00     0.00        5296.00    
  81       2807546      1        6        5264         0.01   1        0        5264        5264.00     0.00        5264.00    
  82       2021978      1        6        5260         0.01   1        0        5260        5260.00     0.00        5260.00    
  83       2811121      1        2        5246         0.01   1        0        5246        5246.00     0.00        5246.00    
  84       2821129      1        2        9684         0.01   2        0        5244        4842.00     0.00        4842.00    
  85       2018067      1        3        5222         0.01   1        0        5222        5222.00     0.00        5222.00    
  86       2808984      1        1        5222         0.01   1        0        5222        5222.00     0.00        5222.00    
  87       2102523      1        8        5016         0.01   1        0        5016        5016.00     0.00        5016.00    
  88       2014130      1        2        167100       0.19   37       0        4902        4516.22     0.00        4516.22    
  89       2018063      1        3        4896         0.01   1        0        4896        4896.00     0.00        4896.00    
  90       2803152      1        1        4814         0.01   1        0        4814        4814.00     0.00        4814.00    
  91       2814978      1        2        9516         0.01   2        0        4762        4758.00     0.00        4758.00    
  92       2824995      1        1        4718         0.01   1        0        4718        4718.00     0.00        4718.00    
  93       2804982      1        2        4524         0.01   1        0        4524        4524.00     0.00        4524.00    
  94       2806423      1        2        4478         0.01   1        0        4478        4478.00     0.00        4478.00    
  95       2018625      1        5        4474         0.01   1        0        4474        4474.00     0.00        4474.00    
  96       2022868      1        4        4470         0.01   1        0        4470        4470.00     0.00        4470.00    
  97       2814979      1        2        8884         0.01   2        0        4442        4442.00     0.00        4442.00    
  98       2803226      1        2        4432         0.01   1        0        4432        4432.00     0.00        4432.00    
  99       2804387      1        4        4420         0.00   1        0        4420        4420.00     0.00        4420.00    


suricata-report-2019-08-02-T-16-32-40-08022019.1632-rdpTimeShift.pcap.txt - (17554 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/243593a222454f6a302c7799f85d7cad56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/08022019.1632-rdpTimeShift.pcap -vvv -k none
elapsedtime:22.800943
stderr:
stdout:
2/8/2019 -- 16:32:17 - <Info> - Configuration node 'rule-files' redefined.
2/8/2019 -- 16:32:17 - <Notice> - This is Suricata version 4.0.0 RELEASE
2/8/2019 -- 16:32:17 - <Info> - CPUs/cores online: 1
2/8/2019 -- 16:32:17 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34144 and 'request-body-inspect-window' set to 15707 after randomization.
2/8/2019 -- 16:32:17 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32929 and 'response-body-inspect-window' set to 16357 after randomization.
2/8/2019 -- 16:32:17 - <Config> - DNS request flood protection level: 500
2/8/2019 -- 16:32:17 - <Config> - DNS per flow memcap (state-memcap): 524288
2/8/2019 -- 16:32:17 - <Config> - DNS global memcap: 16777216
2/8/2019 -- 16:32:17 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
2/8/2019 -- 16:32:17 - <Config> - preallocated 1000 hosts of size 136
2/8/2019 -- 16:32:17 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
2/8/2019 -- 16:32:17 - <Config> - using magic-file /usr/share/file/magic
2/8/2019 -- 16:32:17 - <Config> - Core dump size is unlimited.
2/8/2019 -- 16:32:17 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
2/8/2019 -- 16:32:17 - <Config> - preallocated 1000 defrag trackers of size 168
2/8/2019 -- 16:32:17 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
2/8/2019 -- 16:32:17 - <Config> - stream "prealloc-sessions": 2048 (per thread)
2/8/2019 -- 16:32:17 - <Config> - stream "memcap": 33554432
2/8/2019 -- 16:32:17 - <Config> - stream "midstream" session pickups: disabled
2/8/2019 -- 16:32:17 - <Config> - stream "async-oneside": disabled
2/8/2019 -- 16:32:17 - <Config> - stream "checksum-validation": disabled
2/8/2019 -- 16:32:17 - <Config> - stream."inline": disabled
2/8/2019 -- 16:32:17 - <Config> - stream "bypass": disabled
2/8/2019 -- 16:32:17 - <Config> - stream "max-synack-queued": 5
2/8/2019 -- 16:32:17 - <Config> - stream.reassembly "memcap": 134217728
2/8/2019 -- 16:32:17 - <Config> - stream.reassembly "depth": 0
2/8/2019 -- 16:32:17 - <Config> - stream.reassembly "toserver-chunk-size": 2520
2/8/2019 -- 16:32:17 - <Config> - stream.reassembly "toclient-chunk-size": 2566
2/8/2019 -- 16:32:17 - <Config> - stream.reassembly.raw: enabled
2/8/2019 -- 16:32:17 - <Config> - stream.reassembly "segment-prealloc": 2048
2/8/2019 -- 16:32:17 - <Config> - Delayed detect disabled
2/8/2019 -- 16:32:17 - <Config> - pattern matchers: MPM: ac, SPM: bm
2/8/2019 -- 16:32:17 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
2/8/2019 -- 16:32:17 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
2/8/2019 -- 16:32:17 - <Config> - prefilter engines: MPM
2/8/2019 -- 16:32:17 - <Config> - IP reputation disabled
2/8/2019 -- 16:32:17 - <Perf> - Registered 148 keyword profiling counters.
2/8/2019 -- 16:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
2/8/2019 -- 16:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
2/8/2019 -- 16:32:17 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
2/8/2019 -- 16:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
2/8/2019 -- 16:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
2/8/2019 -- 16:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
2/8/2019 -- 16:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
2/8/2019 -- 16:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
2/8/2019 -- 16:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
2/8/2019 -- 16:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
2/8/2019 -- 16:32:22 - <Config> - No rules loaded from ET-icmp.rules.
2/8/2019 -- 16:32:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
2/8/2019 -- 16:32:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
2/8/2019 -- 16:32:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
2/8/2019 -- 16:32:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
2/8/2019 -- 16:32:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
2/8/2019 -- 16:32:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
2/8/2019 -- 16:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
2/8/2019 -- 16:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
2/8/2019 -- 16:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
2/8/2019 -- 16:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
2/8/2019 -- 16:32:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
2/8/2019 -- 16:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
2/8/2019 -- 16:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
2/8/2019 -- 16:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
2/8/2019 -- 16:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
2/8/2019 -- 16:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
2/8/2019 -- 16:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
2/8/2019 -- 16:32:30 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
2/8/2019 -- 16:32:30 - <Config> - No rules loaded from local.rules.
2/8/2019 -- 16:32:30 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
2/8/2019 -- 16:32:30 - <Info> - Threshold config parsed: 0 rule(s) found
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for tcp-packet
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for tcp-stream
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for udp-packet
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for other-ip
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_uri
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_request_line
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_client_body
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_response_line
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_header
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_header
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_header_names
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_header_names
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_accept
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_accept_enc
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_accept_lang
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_referer
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_connection
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_content_len
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_content_len
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_content_type
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_content_type
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_protocol
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_protocol
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_start
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_start
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_raw_header
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_raw_header
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_method
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_cookie
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_cookie
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_raw_uri
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_user_agent
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_host
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_raw_host
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_stat_msg
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_stat_code
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for dns_query
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for tls_sni
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for tls_cert_issuer
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for tls_cert_subject
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for tls_cert_serial
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for dce_stub_data
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for dce_stub_data
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for ssh_protocol
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for ssh_protocol
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for ssh_software
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for ssh_software
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for file_data
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for file_data
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_request_line
2/8/2019 -- 16:32:31 - <Perf> - using shared mpm ctx' for http_response_line
2/8/2019 -- 16:32:31 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
2/8/2019 -- 16:32:31 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
2/8/2019 -- 16:32:31 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
2/8/2019 -- 16:32:31 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
2/8/2019 -- 16:32:31 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
2/8/2019 -- 16:32:31 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
2/8/2019 -- 16:32:31 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
2/8/2019 -- 16:32:31 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
2/8/2019 -- 16:32:36 - <Perf> - Unique rule groups: 104
2/8/2019 -- 16:32:36 - <Perf> - Builtin MPM "toserver TCP packet": 35
2/8/2019 -- 16:32:36 - <Perf> - Builtin MPM "toclient TCP packet": 17
2/8/2019 -- 16:32:36 - <Perf> - Builtin MPM "toserver TCP stream": 33
2/8/2019 -- 16:32:36 - <Perf> - Builtin MPM "toclient TCP stream": 19
2/8/2019 -- 16:32:36 - <Perf> - Builtin MPM "toserver UDP packet": 27
2/8/2019 -- 16:32:36 - <Perf> - Builtin MPM "toclient UDP packet": 17
2/8/2019 -- 16:32:36 - <Perf> - Builtin MPM "other IP packet": 3
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_uri": 14
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_request_line": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_client_body": 6
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient http_response_line": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_header": 10
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient http_header": 6
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_header_names": 2
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_accept": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_referer": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_content_len": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_content_type": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient http_content_type": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_protocol": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_start": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_method": 5
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_cookie": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient http_cookie": 2
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver http_host": 2
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver dns_query": 4
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver tls_sni": 2
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toserver file_data": 1
2/8/2019 -- 16:32:36 - <Perf> - AppLayer MPM "toclient file_data": 7
2/8/2019 -- 16:32:38 - <Perf> - Registered 39590 rule profiling counters.
2/8/2019 -- 16:32:38 - <Info> - fast output device (regular) initialized: alert
2/8/2019 -- 16:32:38 - <Info> - eve-log output device (regular) initialized: eve.json
2/8/2019 -- 16:32:38 - <Config> - enabling 'eve-log' module 'alert'
2/8/2019 -- 16:32:38 - <Config> - enabling 'eve-log' module 'http'
2/8/2019 -- 16:32:38 - <Config> - enabling 'eve-log' module 'dns'
2/8/2019 -- 16:32:38 - <Config> - enabling 'eve-log' module 'tls'
2/8/2019 -- 16:32:38 - <Config> - enabling 'eve-log' module 'files'
2/8/2019 -- 16:32:38 - <Config> - enabling 'eve-log' module 'ssh'
2/8/2019 -- 16:32:38 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
2/8/2019 -- 16:32:38 - <Info> - stats output device (regular) initialized: stats.log
2/8/2019 -- 16:32:38 - <Config> - AutoFP mode using "Hash" flow load balancer
2/8/2019 -- 16:32:38 - <Info> - reading pcap file /var/pcap/08022019.1632-rdpTimeShift.pcap
2/8/2019 -- 16:32:38 - <Config> - using 1 flow manager threads
2/8/2019 -- 16:32:38 - <Config> - using 1 flow recycler threads
2/8/2019 -- 16:32:38 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engine started.
2/8/2019 -- 16:32:38 - <Info> - No pa

This file has been truncated.


packet_stats.log - (5062 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3231          2418446      631385308     427022793       1379.7b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3231           113550       22753638        260140        840.5m   89.82
TMM_RECEIVEPCAPFILE         IPv4       6          3230             4428        9425932          7940         25.6m    2.74
TMM_DECODEPCAPFILE          IPv4       6          3230             4566       20300134         21548         69.6m    7.44

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6          3230             4720        8244688          7983         25.8m  3.57  
stream                  IPv4       6          3231             4664         124342          6053         19.6m  2.71  
detect                  IPv4       6          3231            76458       20802434        204317        660.2m  91.47 
tcp-prune               IPv4       6          3231             4440          87368          5025         16.2m  2.25  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             2            89030         323946        206488        413.0k  4.60  
LOGGER_UNIFIED2             IPv4       6             2            92516         268730        180623        361.2k  4.03  
LOGGER_JSON_ALERT           IPv4       6             2           118138        8077422       4097780          8.2m  91.37 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2285             4518        6855546         25561        58.4m  39.87 
stream                            IPv4       6          2285             4404        2714636         38548        88.1m  60.13 
Total                             IPv4                  4570                                         32055       146.5m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             2            44712         231344        138028        276.1k  0.04  
PROF_DETECT_RULES           IPv4       6          3231             4432        6817860         41047        132.6m  18.78 
PROF_DETECT_STATEFUL_CONT    IPv4       6          3231             4386        2551436          5944         19.2m  2.72  
PROF_DETECT_PREFILTER       IPv4       6          3231            13402        9022740         84325        272.5m  38.58 
PROF_DETECT_PF_PAYLOAD      IPv4       6          2285            22496        6875086         78832        180.1m  25.51 
PROF_DETECT_PF_SORT1        IPv4       6          1007             4408          30596          4918          5.0m  0.70  
PROF_DETECT_PF_SORT2        IPv4       6          3231             4416        2299654          5710         18.5m  2.61  
PROF_DETECT_NONMPMLIST      IPv4       6          3231             4404          56528          4964         16.0m  2.27  
PROF_DETECT_ALERT           IPv4       6          3231             4408         423670          5055         16.3m  2.31  
PROF_DETECT_CLEANUP         IPv4       6          3231             4436          69578          4918         15.9m  2.25  
PROF_DETECT_GETSGH          IPv4       6          3231             4414       11544424          9231         29.8m  4.22  


stats.log - (2462 bytes) - download
------------------------------------------------------------------------------------
Date: 8/2/2019 -- 16:32:40 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3230
decoder.bytes                              | Total                     | 3068249
decoder.ipv4                               | Total                     | 3230
decoder.ethernet                           | Total                     | 3230
decoder.tcp                                | Total                     | 3230
decoder.avg_pkt_size                       | Total                     | 949
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 5
detect.alert                               | Total                     | 2
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 1
app_layer.flow.failed_tcp                  | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


eve.json - (746 bytes) - download
{"timestamp":"2019-07-23T04:52:55.380696+0000","flow_id":912103190277825,"pcap_cnt":6,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}}
{"timestamp":"2019-07-23T04:53:08.918412+0000","flow_id":912103190277825,"pcap_cnt":58,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3},"app_proto":"failed"}


keyword_perf.log - (4872 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/2/2019 -- 16:32:40
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            25368           4               3               10110           6342.00         6532.00         5772.00        
  flow             5058004         1029            1029            68162           4915.00         4915.00         0.00           
  threshold        52634           2               0               47016           26317.00        0.00            26317.00       
  content          23953786        3154            287             6758790         7594.00         7696.00         7584.00        
  pcre             76128           2               0               71092           38064.00        0.00            38064.00       
  byte_jump        309188          54              0               18296           5725.00         0.00            5725.00        
  flowbits         5043074         1028            5               30572           4905.00         7690.00         4892.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            25368           4               3               10110           6342.00         6532.00         5772.00        
  flow             5058004         1029            1029            68162           4915.00         4915.00         0.00           
  flowbits         5020126         1025            2               30572           4897.00         7751.00         4892.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          23953786        3154            287             6758790         7594.00         7696.00         7584.00        
  pcre             76128           2               0               71092           38064.00        0.00            38064.00       
  byte_jump        309188          54              0               18296           5725.00         0.00            5725.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         22948           3               3               12694           7649.00         7649.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        52634           2               0               47016           26317.00        0.00            26317.00       
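The keyword table above is easiest to act on once it is ranked: of the 34,518,182 ticks in the "total" section, content accounts for about 69%, while pcre is checked only twice, never matches, and costs roughly five times as many ticks per check as content. The parser below is an added example (it is not code from this page, from Suricata or from IDSDeathBlossom); KEYWORD_PERF is a constructed copy of the "total" and "packet/stream payload" sections shown above, and the 20000-tick threshold used in the usage note is an arbitrary choice for illustration.

```python
"""Rank Suricata keyword-profiling (keyword_perf.log) output by cost.

Added example; not code from the page, from Suricata or from IDSDeathBlossom.
KEYWORD_PERF is a constructed copy of two sections of the keyword_perf.log
shown above ("total" and "packet/stream payload").
"""
import re

KEYWORD_PERF = """\
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flags            25368           4               3               10110           6342.00         6532.00         5772.00
  flow             5058004         1029            1029            68162           4915.00         4915.00         0.00
  threshold        52634           2               0               47016           26317.00        0.00            26317.00
  content          23953786        3154            287             6758790         7594.00         7696.00         7584.00
  pcre             76128           2               0               71092           38064.00        0.00            38064.00
  byte_jump        309188          54              0               18296           5725.00         0.00            5725.00
  flowbits         5043074         1028            5               30572           4905.00         7690.00         4892.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          23953786        3154            287             6758790         7594.00         7696.00         7584.00
  pcre             76128           2               0               71092           38064.00        0.00            38064.00
  byte_jump        309188          54              0               18296           5725.00         0.00            5725.00
  --------------------------------------------------------------------------------------------------------------------------------
"""

# Column names for the eight-field data rows (keyword followed by these seven).
FIELDS = ("ticks", "checks", "matches", "max_ticks", "avg", "avg_match", "avg_nomatch")


def parse_keyword_perf(text, section="total"):
    """Return {keyword: {field: value}} for one 'Stats for:' section of the log."""
    rows = {}
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"Stats for:\s*(.+?)\s*$", line)
        if m:
            in_section = m.group(1) == section
            continue
        # Skip separator lines, the column header and anything outside our section.
        if not in_section or not line or line.startswith(("-", "Keyword")):
            continue
        parts = line.split()
        if len(parts) != 1 + len(FIELDS):
            continue  # not a data row
        ints = [int(p) for p in parts[1:5]]        # Ticks, Checks, Matches, Max Ticks
        floats = [float(p) for p in parts[5:8]]    # Avg, Avg Match, Avg No Match
        rows[parts[0]] = dict(zip(FIELDS, ints + floats))
    return rows


def rank_by_ticks(rows):
    """Keywords ordered by total ticks, most expensive first."""
    return sorted(rows, key=lambda k: rows[k]["ticks"], reverse=True)


def share_of_ticks(rows):
    """Fraction of the section's total ticks spent in each keyword."""
    total = sum(r["ticks"] for r in rows.values())
    return {k: r["ticks"] / total for k, r in rows.items()}


def costly_misses(rows, min_avg_nomatch):
    """Keywords that never matched yet cost more than min_avg_nomatch ticks per
    check. In the payload section these are the candidates to put a cheaper
    guard in front of (a content match so the pcre is evaluated rarely)."""
    return [k for k, r in rows.items()
            if r["matches"] == 0 and r["avg_nomatch"] > min_avg_nomatch]


if __name__ == "__main__":
    total = parse_keyword_perf(KEYWORD_PERF, "total")
    shares = share_of_ticks(total)
    for kw in rank_by_ticks(total):
        print(f"{kw:10s} {total[kw]['ticks']:>10d} ticks  {shares[kw]:6.1%}")
    payload = parse_keyword_perf(KEYWORD_PERF, "packet/stream payload")
    print("never-matching payload keywords over 20000 ticks/check:",
          costly_misses(payload, 20000))
```

Run on the table above, rank_by_ticks puts content first and flow second, and costly_misses on the payload section returns only pcre; on the "total" section it also returns threshold, which is a post-match stage rather than a payload keyword, so pick the section that matches the question being asked.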


suricata-4.0.0-etpro-all-alert-2019-08-02-T-16-32-40-08022019.1632-rdpTimeShift.pcap.txt - (358 bytes) - download
07/23/2019-04:52:55.380696  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
07/23/2019-04:53:08.918412  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
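The eve.json and the fast-format alert file above record the same two alerts through two loggers (packet_stats.log shows LOGGER_ALERT_FAST and LOGGER_JSON_ALERT each with cnt 2), but only the EVE records carry flow_id, pcap_cnt and app_proto, and only the fast lines lack a time zone. The script below, an added example that is not part of this page, of Suricata or of IDSDeathBlossom, normalises both into a 9-tuple (UTC timestamp, gid, sid, rev, proto, src, sport, dst, dport) and reports any alert present in one log but not the other; EVE_JSON and FAST_LOG are constructed copies of the two files shown above. It assumes the sensor clock is UTC, so the zone-less fast-log timestamps are read as UTC, and that every fast line carries ports (true for the TCP alerts here).

```python
"""Cross-check Suricata's EVE JSON alert log against its fast-format alert log.

Added example; not code from this page, from Suricata or from IDSDeathBlossom.
Assumption: the sensor clock is UTC, so fast-log timestamps (which carry no
zone) are compared as UTC against EVE's explicit "+0000" timestamps.
"""
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: the two eve.json alert records shown on this page.
EVE_JSON = """\
{"timestamp":"2019-07-23T04:52:55.380696+0000","flow_id":912103190277825,"pcap_cnt":6,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}}
{"timestamp":"2019-07-23T04:53:08.918412+0000","flow_id":912103190277825,"pcap_cnt":58,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3},"app_proto":"failed"}
"""

# Constructed sample: the matching fast-format alert lines shown on this page.
FAST_LOG = """\
07/23/2019-04:52:55.380696  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
07/23/2019-04:53:08.918412  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
"""

# One fast-format line: timestamp, [gid:sid:rev], message, classification,
# priority, {proto}, src:port -> dst:port. \S+ for the addresses backtracks to
# the last ':' so IPv6 literals would parse too.
FAST_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<cls>[^\]]*)\]\s+\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[A-Za-z0-9]+)\}\s+(?P<src>\S+):(?P<sport>\d+)\s+->\s+"
    r"(?P<dst>\S+):(?P<dport>\d+)$"
)


def parse_eve_alerts(text):
    """Return the EVE records whose event_type is 'alert', one dict per line."""
    records = []
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            if rec.get("event_type") == "alert":
                records.append(rec)
    return records


def eve_key(rec):
    """Normalise an EVE alert to the 9-tuple shared with the fast log."""
    ts = datetime.strptime(rec["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")
    a = rec["alert"]
    return (ts.astimezone(timezone.utc), a["gid"], a["signature_id"], a["rev"],
            rec["proto"], rec["src_ip"], rec["src_port"], rec["dest_ip"], rec["dest_port"])


def parse_fast_alerts(text):
    """Normalise fast-format lines to the same 9-tuple; raise on unparsed lines."""
    keys = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = FAST_RE.match(line)
        if not m:
            raise ValueError("unparsed fast-log line: " + line)
        # Assumption: sensor clock is UTC (fast.log prints local time, no zone).
        ts = datetime.strptime(m["ts"], "%m/%d/%Y-%H:%M:%S.%f").replace(tzinfo=timezone.utc)
        keys.append((ts, int(m["gid"]), int(m["sid"]), int(m["rev"]), m["proto"].upper(),
                     m["src"], int(m["sport"]), m["dst"], int(m["dport"])))
    return keys


def compare_alert_logs(eve_text, fast_text):
    """Multiset comparison: how many alerts both loggers agree on, and the odd ones out."""
    eve = Counter(eve_key(r) for r in parse_eve_alerts(eve_text))
    fast = Counter(parse_fast_alerts(fast_text))
    return {
        "matched": sum((eve & fast).values()),
        "only_in_eve": sorted((eve - fast).elements()),
        "only_in_fast": sorted((fast - eve).elements()),
    }


def flows_with_failed_app_proto(eve_text):
    """flow_ids whose alerts carry app_proto 'failed' (no app-layer parser claimed the flow)."""
    return sorted({r["flow_id"] for r in parse_eve_alerts(eve_text)
                   if r.get("app_proto") == "failed"})


def alert_pcap_positions(eve_text):
    """pcap_cnt of each alert: the packet to open in the capture when triaging."""
    return [r["pcap_cnt"] for r in parse_eve_alerts(eve_text)]


if __name__ == "__main__":
    print(compare_alert_logs(EVE_JSON, FAST_LOG))
    print("app_proto failed on flows:", flows_with_failed_app_proto(EVE_JSON))
    print("alerting packets:", alert_pcap_positions(EVE_JSON))
```

On the two files above this reports 2 matched alerts and nothing unmatched, the single flow 912103190277825 with app_proto "failed" (stats.log shows the same as app_layer.flow.failed_tcp 1), and pcap_cnt 6 and 58 as the packets to open. Because fast.log carries no flow_id, the 9-tuple is the only join key available, so two alerts with identical tuple values are deliberately counted as a multiset rather than collapsed.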


unified2.alert.1564763558 - (4171 bytes) - download
[Binary unified2 records, rendered here as text and therefore unreadable as-is. Decoded from the visible bytes: event and packet records for the two alerts above (event seconds 0x5d3692a7 = 2019-07-23T04:52:55Z and 0x5d3692b4 = 2019-07-23T04:53:08Z, microseconds 380696 and 918412, 192.168.54.130:3389 -> 192.168.54.1:60211), and a packet payload carrying the DER-encoded X.509 certificate presented by the RDP server: subject and issuer both CN=WIN-S3427JHLOSJ0 (self-issued), validity 190521132121Z to 191120132121Z (2019-05-21 13:21:21 UTC to 2019-11-20 13:21:21 UTC), a signature algorithm under the PKCS#1 arc 1.2.840.113549.1.1, a 0x122-byte SubjectPublicKeyInfo consistent with RSA-2048, and an extendedKeyUsage extension. The remaining bytes are TLS records and signature/ciphertext data.]


IDSDeathBlossom.py.log - (1152 bytes) - download
2019-08-02 16:32:16,660 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-02 16:32:17,523 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-02 16:32:17,523 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-08-02 16:32:17,524 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-02 16:32:17,524 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-02 16:32:17,524 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/243593a222454f6a302c7799f85d7cad56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/08022019.1632-rdpTimeShift.pcap -vvv -k none
2019-08-02 16:32:40,328 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-02 16:32:40,329 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.6774170399