Filename: rdpTimeShift.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 11.0211939812 seconds
Hash: 243593a222454f6a302c7799f85d7cad
Uploaded: 1566428644 (Unix epoch; 2019-08-21 23:04:04 UTC, matching the 23:04:05 start time in the Suricata log below)

Logfiles


unified2.alert.1566428652 - (4171 bytes)
[binary unified2 record data rendered as text; not readable in this view. The only legible fragments are pieces of a DER-encoded X.509 certificate inside the logged packet payload, consistent with the certificate an RDP listener presents during TLS negotiation: the name WIN-S3427JHLOSJ0 appears twice, in the issuer and subject positions, and the UTCTime validity values 190521132121Z and 191120132121Z give a validity period of 2019-05-21 13:21:21Z to 2019-11-20 13:21:21Z. Parse the downloaded file with a unified2 reader instead of reading it here.]
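The unified2.alert file is a binary record stream (8-byte record header, then a fixed-layout event or packet body), which is why the viewer above shows it as garbage. Snort's u2spewfoo or the idstools package will dump it; the reader below is an added example, not part of this report or of Suricata, showing the layout Suricata 4.x writes: type 104 IPv4 events (60-byte body), legacy type 7 events (52 bytes) and type 2 packet records (28-byte header plus the packet). The sample file is constructed inline, so the sid, addresses, ports, timestamp and the RDP X.224 connection-request bytes are illustrative values, not data read from the capture above; the trailing truncated record shows that the reader stops cleanly on a file that is still being written or was downloaded partially.

```python
"""Minimal unified2 alert reader (added example, not part of the report or of Suricata)."""
import socket
import struct
from dataclasses import dataclass
from typing import Iterator, List, Optional, Union

# Record types emitted by Suricata 4.x's unified2-alert output.
UNIFIED2_PACKET = 2          # Serial_Unified2Packet: the packet that raised the event
UNIFIED2_IDS_EVENT = 7       # legacy IPv4 event, 52-byte body
UNIFIED2_IDS_EVENT_V2 = 104  # IPv4 event with mpls_label/vlan_id, 60-byte body

# All integers are big-endian; the 8-byte record header gives type and body length.
_HDR = struct.Struct(">II")
_EVENT_COMMON = struct.Struct(">9I4s4sHHBBBB")  # sensor..priority, src, dst, sport, dport, proto, flags
_EVENT_V2_TAIL = struct.Struct(">IHH")          # mpls_label, vlan_id, pad2 (policy id)
_PACKET_HDR = struct.Struct(">7I")              # sensor, event_id, event_sec, pkt_sec, pkt_usec, linktype, pkt_len


@dataclass
class Unified2Event:
    sensor_id: int
    event_id: int
    event_second: int
    event_microsecond: int
    sid: int
    gid: int
    rev: int
    classification_id: int
    priority: int
    src: str
    dst: str
    sport: int
    dport: int
    protocol: int
    impact_flag: int
    impact: int
    blocked: int
    mpls_label: Optional[int] = None
    vlan_id: Optional[int] = None


@dataclass
class Unified2Packet:
    sensor_id: int
    event_id: int
    event_second: int
    packet_second: int
    packet_microsecond: int
    linktype: int
    data: bytes


def parse_unified2(buf: bytes) -> Iterator[Union[Unified2Event, Unified2Packet]]:
    """Yield event and packet records; stop cleanly at a truncated tail."""
    off = 0
    while off + _HDR.size <= len(buf):
        rtype, length = _HDR.unpack_from(buf, off)
        body = buf[off + _HDR.size: off + _HDR.size + length]
        if len(body) < length:
            break  # file still being written, or a partial download
        off += _HDR.size + length
        if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_V2) and len(body) >= _EVENT_COMMON.size:
            f = _EVENT_COMMON.unpack_from(body, 0)
            ev = Unified2Event(*f[:9], src=socket.inet_ntoa(f[9]), dst=socket.inet_ntoa(f[10]),
                               sport=f[11], dport=f[12], protocol=f[13],
                               impact_flag=f[14], impact=f[15], blocked=f[16])
            if rtype == UNIFIED2_IDS_EVENT_V2 and len(body) >= _EVENT_COMMON.size + _EVENT_V2_TAIL.size:
                ev.mpls_label, ev.vlan_id, _ = _EVENT_V2_TAIL.unpack_from(body, _EVENT_COMMON.size)
            yield ev
        elif rtype == UNIFIED2_PACKET and len(body) >= _PACKET_HDR.size:
            p = _PACKET_HDR.unpack_from(body, 0)
            yield Unified2Packet(p[0], p[1], p[2], p[3], p[4], p[5],
                                 data=body[_PACKET_HDR.size:_PACKET_HDR.size + p[6]])
        # other record types (IPv6 events, extra data) are skipped via their length field


def alert_summary(buf: bytes) -> List[str]:
    """fast.log-style one-liner per event record."""
    return [f"[{e.gid}:{e.sid}:{e.rev}] {e.src}:{e.sport} -> {e.dst}:{e.dport} proto {e.protocol}"
            for e in parse_unified2(buf) if isinstance(e, Unified2Event)]


# Writers, used only to build the constructed sample below.
def build_event_v2(sid, gid, rev, src, dst, sport, dport, proto, event_id=1, second=0, usec=0):
    body = (_EVENT_COMMON.pack(0, event_id, second, usec, sid, gid, rev, 0, 2,
                               socket.inet_aton(src), socket.inet_aton(dst),
                               sport, dport, proto, 0, 0, 0)
            + _EVENT_V2_TAIL.pack(0, 0, 0))
    return _HDR.pack(UNIFIED2_IDS_EVENT_V2, len(body)) + body


def build_packet(event_id, second, usec, data, linktype=1):
    body = _PACKET_HDR.pack(0, event_id, second, second, usec, linktype, len(data)) + data
    return _HDR.pack(UNIFIED2_PACKET, len(body)) + body


# Constructed sample (illustrative values, not read from the capture): a TPKT + X.224
# Connection Request carrying an RDP negotiation request for TLS|CredSSP (19 bytes),
# logged as the packet for one alert, followed by a record header whose body is missing.
RDP_X224_CONNECT = bytes.fromhex("03000013" "0ee000000000" "00" "0100" "0800" "03000000")
SAMPLE_FILE = (
    build_event_v2(2001330, 1, 8, "192.168.54.130", "192.168.54.10", 49152, 3389, 6,
                   event_id=1, second=1563988647)
    + build_packet(1, 1563988647, 0, RDP_X224_CONNECT)
    + _HDR.pack(UNIFIED2_IDS_EVENT_V2, 60) + b"\x00" * 10
)

if __name__ == "__main__":
    for line in alert_summary(SAMPLE_FILE):
        print(line)
```

To read the real file, pass `open("unified2.alert.1566428652", "rb").read()` to `parse_unified2`; packet records follow the event they belong to and share its event_id, which is how the certificate fragments visible above end up inside an alert file.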


suricata-report-2019-08-21-T-23-04-15-08022019.1632-rdpTimeShift.pcap.txt - (18078 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/243593a222454f6a302c7799f85d7cadd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08022019.1632-rdpTimeShift.pcap -vvv -k none
elapsedtime:9.894621
stderr:
stdout:
21/8/2019 -- 23:04:05 - <Info> - Configuration node 'rule-files' redefined.
21/8/2019 -- 23:04:05 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/8/2019 -- 23:04:05 - <Info> - CPUs/cores online: 1
21/8/2019 -- 23:04:05 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34101 and 'request-body-inspect-window' set to 16908 after randomization.
21/8/2019 -- 23:04:05 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 32959 and 'response-body-inspect-window' set to 16382 after randomization.
21/8/2019 -- 23:04:05 - <Config> - DNS request flood protection level: 500
21/8/2019 -- 23:04:05 - <Config> - DNS per flow memcap (state-memcap): 524288
21/8/2019 -- 23:04:05 - <Config> - DNS global memcap: 16777216
21/8/2019 -- 23:04:05 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/8/2019 -- 23:04:05 - <Config> - preallocated 1000 hosts of size 136
21/8/2019 -- 23:04:05 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/8/2019 -- 23:04:05 - <Config> - using magic-file /usr/share/file/magic
21/8/2019 -- 23:04:05 - <Config> - Core dump size is unlimited.
21/8/2019 -- 23:04:05 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/8/2019 -- 23:04:05 - <Config> - preallocated 1000 defrag trackers of size 168
21/8/2019 -- 23:04:05 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/8/2019 -- 23:04:05 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/8/2019 -- 23:04:05 - <Config> - stream "memcap": 33554432
21/8/2019 -- 23:04:05 - <Config> - stream "midstream" session pickups: disabled
21/8/2019 -- 23:04:05 - <Config> - stream "async-oneside": disabled
21/8/2019 -- 23:04:05 - <Config> - stream "checksum-validation": disabled
21/8/2019 -- 23:04:05 - <Config> - stream."inline": disabled
21/8/2019 -- 23:04:05 - <Config> - stream "bypass": disabled
21/8/2019 -- 23:04:05 - <Config> - stream "max-synack-queued": 5
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "memcap": 134217728
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "depth": 0
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "toserver-chunk-size": 2593
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "toclient-chunk-size": 2576
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly.raw: enabled
21/8/2019 -- 23:04:05 - <Config> - stream.reassembly "segment-prealloc": 2048
21/8/2019 -- 23:04:05 - <Config> - Delayed detect disabled
21/8/2019 -- 23:04:05 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/8/2019 -- 23:04:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/8/2019 -- 23:04:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/8/2019 -- 23:04:05 - <Config> - prefilter engines: MPM
21/8/2019 -- 23:04:05 - <Config> - IP reputation disabled
21/8/2019 -- 23:04:05 - <Perf> - Registered 148 keyword profiling counters.
21/8/2019 -- 23:04:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
21/8/2019 -- 23:04:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
21/8/2019 -- 23:04:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
21/8/2019 -- 23:04:06 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
21/8/2019 -- 23:04:07 - <Config> - No rules loaded from ET-emerging-icmp.rules.
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
21/8/2019 -- 23:04:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
21/8/2019 -- 23:04:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
21/8/2019 -- 23:04:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
21/8/2019 -- 23:04:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
21/8/2019 -- 23:04:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
21/8/2019 -- 23:04:10 - <Config> - No rules loaded from local.rules.
21/8/2019 -- 23:04:10 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
21/8/2019 -- 23:04:10 - <Info> - Threshold config parsed: 0 rule(s) found
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tcp-packet
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tcp-stream
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for udp-packet
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for other-ip
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_uri
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_request_line
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_client_body
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_response_line
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_header
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_header
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_header_names
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_header_names
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_accept
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_accept_enc
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_accept_lang
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_referer
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_connection
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_content_len
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_content_len
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_content_type
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_content_type
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_protocol
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_protocol
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_start
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_start
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_raw_header
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_raw_header
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_method
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_cookie
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_cookie
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_raw_uri
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_user_agent
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_host
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_raw_host
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_stat_msg
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_stat_code
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for dns_query
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tls_sni
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tls_cert_issuer
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tls_cert_subject
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for tls_cert_serial
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for dce_stub_data
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for dce_stub_data
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for ssh_protocol
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for ssh_protocol
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for ssh_software
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for ssh_software
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for file_data
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for file_data
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_request_line
21/8/2019 -- 23:04:11 - <Perf> - using shared mpm ctx' for http_response_line
21/8/2019 -- 23:04:11 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
21/8/2019 -- 23:04:11 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/8/2019 -- 23:04:11 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
21/8/2019 -- 23:04:11 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
21/8/2019 -- 23:04:11 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
21/8/2019 -- 23:04:11 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
21/8/2019 -- 23:04:11 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
21/8/2019 -- 23:04:11 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/8/2019 -- 23:04:12 - <Perf> - Unique rule groups: 111
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toserver TCP packet": 31
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toclient TCP packet": 20
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toserver TCP stream": 31
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toclient TCP stream": 21
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toserver UDP packet": 33
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "toclient UDP packet": 15
21/8/2019 -- 23:04:12 - <Perf> - Builtin MPM "other IP packet": 2
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_uri": 8
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_request_line": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_response_line": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_header": 6
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_header": 3
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_header_names": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_accept": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_referer": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_content_len": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_content_type": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_content_type": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_start": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_method": 3
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_cookie": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_cookie": 2
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver http_host": 2
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver dns_query": 4
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver tls_sni": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toserver file_data": 1
21/8/2019 -- 23:04:12 - <Perf> - AppLayer MPM "toclient file_data": 5
21/8/2019 -- 23:04:12 - <Perf> - Registered 18241 rule profiling counters.
21/8/2019 -- 23:04:12 - <Info> - fast output device (regular) initialized: alert
21/8/2019 -- 23:04:12 - <Info> - eve-log output device (regular) initialized: eve.json
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'alert'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'http'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'dns'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'tls'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'files'
21/8/2019 -- 23:04:12 - <Config> - enabling 'eve-log' module 'ssh'
21/8/2019 -- 23:04:12 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/8/2019 -- 23:04:12 - <Info> - s

This file has been truncated in the report view; the remainder of the Suricata log is only in the downloadable copy.


suricata-4.0.0-etopen-all-perf.txt-2019-08-21-T-23-04-15-08022019.1632-rdpTimeShift.pcap.txt - (8150 bytes)
  --------------------------------------------------------------------------
  Date: 8/21/2019 -- 23:04:15. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2014386      1        2        48461354     47.67  1025     1        14275730    47279.37    43844.00    47282.72   
  2        2001330      1        8        39262914     38.62  2092     2        2786866     18768.12    40501.00    18747.33   
  3        2018382      1        8        482012       0.47   63       0        109266      7650.98     0.00        7650.98    
  4        2018789      1        3        86650        0.09   1        0        86650       86650.00    0.00        86650.00   
  5        2018375      1        3        1474972      1.45   63       0        85396       23412.25    0.00        23412.25   
  6        2017548      1        6        1643728      1.62   45       0        75062       36527.29    0.00        36527.29   
  7        2018477      1        1        576434       0.57   102      0        68162       5651.31     0.00        5651.31    
  8        2018373      1        3        1450362      1.43   63       0        64154       23021.62    0.00        23021.62   
  9        2012236      1        2        244438       0.24   41       0        52912       5961.90     0.00        5961.90    
  10       2001972      1        20       51236        0.05   1        1        51236       51236.00    51236.00    0.00       
  11       2014385      1        5        46952        0.05   1        1        46952       46952.00    46952.00    0.00       
  12       2020786      1        4        35790        0.04   1        0        35790       35790.00    0.00        35790.00   
  13       2103159      1        4        59802        0.06   5        0        34872       11960.40    0.00        11960.40   
  14       2021151      1        1        259468       0.26   48       0        34752       5405.58     0.00        5405.58    
  15       2018377      1        3        1363850      1.34   63       0        32032       21648.41    0.00        21648.41   
  16       2022132      1        1        58326        0.06   2        0        31910       29163.00    0.00        29163.00   
  17       2018077      1        5        30244        0.03   1        0        30244       30244.00    0.00        30244.00   
  18       2020783      1        3        28770        0.03   1        0        28770       28770.00    0.00        28770.00   
  19       2020692      1        1        28000        0.03   1        0        28000       28000.00    0.00        28000.00   
  20       2020788      1        2        53938        0.05   2        0        27900       26969.00    0.00        26969.00   
  21       2018638      1        2        27494        0.03   1        0        27494       27494.00    0.00        27494.00   
  22       2103158      1        6        712982       0.70   136      0        27384       5242.51     0.00        5242.51    
  23       2020765      1        2        27220        0.03   1        0        27220       27220.00    0.00        27220.00   
  24       2021701      1        1        425738       0.42   79       0        26640       5389.09     0.00        5389.09    
  25       2013479      1        5        26392        0.03   1        1        26392       26392.00    26392.00    0.00       
  26       2020774      1        2        25540        0.03   1        0        25540       25540.00    0.00        25540.00   
  27       2022547      1        1        442028       0.43   86       0        24152       5139.86     0.00        5139.86    
  28       2018292      1        1        213828       0.21   40       0        24086       5345.70     0.00        5345.70    
  29       2024776      1        1        538180       0.53   94       0        23850       5725.32     0.00        5725.32    
  30       2024778      1        1        470522       0.46   86       0        22206       5471.19     0.00        5471.19    
  31       2009387      1        4        270430       0.27   47       0        22138       5753.83     0.00        5753.83    
  32       2024777      1        2        341886       0.34   63       0        21616       5426.76     0.00        5426.76    
  33       2015986      1        5        140742       0.14   25       0        21440       5629.68     0.00        5629.68    
  34       2021702      1        1        404958       0.40   79       0        21396       5126.05     0.00        5126.05    
  35       2014130      1        2        188002       0.18   37       0        20646       5081.14     0.00        5081.14    
  36       2014384      1        8        24074        0.02   2        0        19532       12037.00    0.00        12037.00   
  37       2020371      1        2        36874        0.04   2        0        19520       18437.00    0.00        18437.00   
  38       2018069      1        1        17122        0.02   1        0        17122       17122.00    0.00        17122.00   
  39       2018487      1        4        15636        0.02   1        0        15636       15636.00    0.00        15636.00   
  40       2019313      1        3        212474       0.21   39       0        8952        5448.05     0.00        5448.05    
  41       2024775      1        1        476606       0.47   94       0        8582        5070.28     0.00        5070.28    
  42       2020661      1        3        462296       0.45   85       0        8362        5438.78     0.00        5438.78    
  43       2100327      1        10       18360        0.02   3        0        7072        6120.00     0.00        6120.00    
  44       2102190      1        5        132886       0.13   26       0        6786        5111.00     0.00        5111.00    
  45       2018063      1        3        6266         0.01   1        0        6266        6266.00     0.00        6266.00    
  46       2021152      1        1        220112       0.22   46       0        5730        4785.04     0.00        4785.04    
  47       2102523      1        8        5662         0.01   1        0        5662        5662.00     0.00        5662.00    
  48       2102523      1        8        5622         0.01   1        0        5622        5622.00     0.00        5622.00    
  49       2018067      1        3        5510         0.01   1        0        5510        5510.00     0.00        5510.00    
  50       2018558      1        5        5384         0.01   1        0        5384        5384.00     0.00        5384.00    
  51       2018281      1        4        5370         0.01   1        0        5370        5370.00     0.00        5370.00    
  52       2017935      1        3        9868         0.01   2        0        5364        4934.00     0.00        4934.00    
  53       2019809      1        2        10558        0.01   2        0        5304        5279.00     0.00        5279.00    
  54       2021978      1        6        5274         0.01   1        0        5274        5274.00     0.00        5274.00    
  55       2008302      1        3        10160        0.01   2        0        5216        5080.00     0.00        5080.00    
  56       2008306      1        3        10174        0.01   2        0        5178        5087.00     0.00        5087.00    
  57       2103238      1        4        4972         0.00   1        0        4972        4972.00     0.00        4972.00    
  58       2018625      1        5        4502         0.00   1        0        4502        4502.00     0.00        4502.00    
  59       2022868      1        4        4484         0.00   1        0        4484        4484.00     0.00        4484.00    
  60       2021976      1        2        4444         0.00   1        0        4444        4444.00     0.00        4444.00    
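The rule-profiling table above gives cost per rule, but not what a tuner actually wants from it: how much of the profiled time went to rules that were checked and never matched in this capture, and which of those to look at first. The script below is an added example, not part of the report or of Suricata; it parses rows in the table's whitespace-separated format (the first six data rows above are embedded as the sample input), ranks the never-matching rules by total ticks, and sanity-checks each row's Ticks against Avg Ticks x Checks, which catches a mis-parsed or mis-aligned column. A share computed over a subset of rows is relative to that subset, not to the report's % column, which is relative to all profiled rules.

```python
"""Triage Suricata rule-profiling output (added example, not part of the report)."""
from typing import Dict, List, Tuple

# Column order of the rule_perf table in the report:
# Num Rule Gid Rev Ticks % Checks Matches MaxTicks AvgTicks AvgMatch AvgNoMatch
FIELDS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
          "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_FIELDS = ("num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks")


def parse_rule_perf(text: str) -> List[Dict[str, float]]:
    """Parse the data rows; header, separator and blank lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or not all(p.replace(".", "", 1).isdigit() for p in parts):
            continue
        rows.append({k: (int(v) if k in INT_FIELDS else float(v)) for k, v in zip(FIELDS, parts)})
    return rows


def never_matched_share(rows: List[Dict[str, float]]) -> float:
    """Fraction of profiled ticks spent in rules that were checked but never matched."""
    total = sum(r["ticks"] for r in rows)
    wasted = sum(r["ticks"] for r in rows if r["checks"] > 0 and r["matches"] == 0)
    return wasted / total if total else 0.0


def top_nomatch(rows: List[Dict[str, float]], n: int = 3) -> List[Tuple[int, int]]:
    """Candidates to tune or disable first: most total ticks with zero matches."""
    cand = sorted((r for r in rows if r["matches"] == 0), key=lambda r: r["ticks"], reverse=True)
    return [(r["sid"], r["ticks"]) for r in cand[:n]]


def inconsistent_rows(rows: List[Dict[str, float]]) -> List[int]:
    """Sids whose Ticks differ from Avg Ticks * Checks by more than rounding allows."""
    return [r["sid"] for r in rows
            if abs(r["avg_ticks"] * r["checks"] - r["ticks"]) > 0.01 * r["checks"] + 1]


# Sample input: the header and the first six data rows of the table above, copied verbatim.
SAMPLE = """\
  Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2014386      1        2        48461354     47.67  1025     1        14275730    47279.37    43844.00    47282.72
  2        2001330      1        8        39262914     38.62  2092     2        2786866     18768.12    40501.00    18747.33
  3        2018382      1        8        482012       0.47   63       0        109266      7650.98     0.00        7650.98
  4        2018789      1        3        86650        0.09   1        0        86650       86650.00    0.00        86650.00
  5        2018375      1        3        1474972      1.45   63       0        85396       23412.25    0.00        23412.25
  6        2017548      1        6        1643728      1.62   45       0        75062       36527.29    0.00        36527.29
"""

if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE)
    print(f"never-matched share of sampled ticks: {never_matched_share(rows):.2%}")
    print("top never-matched rules by ticks:", top_nomatch(rows))
    print("inconsistent rows:", inconsistent_rows(rows))
```

On the full table, feed the downloaded perf file to `parse_rule_perf`; a rule that is high in `top_nomatch` on every capture from a given network segment is the usual candidate for a threshold or a disable in the local tuning file.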


packet_stats.log - (5062 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6          3231           619938      620718168     425219391       1373.9b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6          3231           113914       30362380        258500        835.2m   90.05
TMM_RECEIVEPCAPFILE         IPv4       6          3230             4434         185776          5203         16.8m    1.81
TMM_DECODEPCAPFILE          IPv4       6          3230             4574       21905296         23368         75.5m    8.14

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot         %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ---
flow                    IPv4       6          3230             4708        2684338          6421         20.7m  2.83  
stream                  IPv4       6          3231             4644        2814464          7456         24.1m  3.29  
detect                  IPv4       6          3231            76922       30314862        200284        647.1m  88.31 
tcp-prune               IPv4       6          3231             4450       23896184         12646         40.9m  5.58  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ---------   ---
LOGGER_ALERT_FAST           IPv4       6             2            88088         217436        152762        305.5k  4.54  
LOGGER_UNIFIED2             IPv4       6             2            80584         197214        138899        277.8k  4.12  
LOGGER_JSON_ALERT           IPv4       6             2           104404        6046798       3075601          6.2m  91.34 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6          2285             4514        6336770         23827        54.4m  45.11 
stream                            IPv4       6          2285             4422         694140         28991        66.2m  54.89 
Total                             IPv4                  4570                                         26409       120.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           % 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6             2            23308         100912         62110        124.2k  0.02  
PROF_DETECT_RULES           IPv4       6          3231             4438       14287134         44203        142.8m  21.49 
PROF_DETECT_STATEFUL_CONT    IPv4       6          3231             4394         135968          5102         16.5m  2.48  
PROF_DETECT_PREFILTER       IPv4       6          3231            13414       11902330         74901        242.0m  36.42 
PROF_DETECT_PF_PAYLOAD      IPv4       6          2285            22806        6355840         67862        155.1m  23.34 
PROF_DETECT_PF_SORT1        IPv4       6           893             4420          42856          5135          4.6m  0.69  
PROF_DETECT_PF_SORT2        IPv4       6          3231             4420       11892910          8801         28.4m  4.28  
PROF_DETECT_NONMPMLIST      IPv4       6          3231             4414          67536          5072         16.4m  2.47  
PROF_DETECT_ALERT           IPv4       6          3231             4416        5458662          6805         22.0m  3.31  
PROF_DETECT_CLEANUP         IPv4       6          3231             4444        2675502          6062         19.6m  2.95  
PROF_DETECT_GETSGH          IPv4       6          3231             4414          90448          5252         17.0m  2.55  


suricata-4.0.0-etopen-all-alert-2019-08-21-T-23-04-15-08022019.1632-rdpTimeShift.pcap.txt - (358 bytes)
07/23/2019-04:52:55.380696  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211
07/23/2019-04:53:08.918412  [**] [1:2001330:8] ET POLICY RDP connection confirm [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.54.130:3389 -> 192.168.54.1:60211


stats.log - (2463 bytes)
------------------------------------------------------------------------------------
Date: 8/21/2019 -- 23:04:15 (uptime: 0d, 00h 00m 03s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 3230
decoder.bytes                              | Total                     | 3068249
decoder.ipv4                               | Total                     | 3230
decoder.ethernet                           | Total                     | 3230
decoder.tcp                                | Total                     | 3230
decoder.avg_pkt_size                       | Total                     | 949
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 1
tcp.sessions                               | Total                     | 1
tcp.syn                                    | Total                     | 1
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 5
detect.alert                               | Total                     | 2
detect.mpm_list                            | Total                     | 1
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 1
app_layer.flow.failed_tcp                  | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


eve.json - (746 bytes)
{"timestamp":"2019-07-23T04:52:55.380696+0000","flow_id":469347896635073,"pcap_cnt":6,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3}}
{"timestamp":"2019-07-23T04:53:08.918412+0000","flow_id":469347896635073,"pcap_cnt":58,"event_type":"alert","src_ip":"192.168.54.130","src_port":3389,"dest_ip":"192.168.54.1","dest_port":60211,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2001330,"rev":8,"signature":"ET POLICY RDP connection confirm","category":"Misc activity","severity":3},"app_proto":"failed"}


keyword_perf.log - (4873 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 8/21/2019 -- 23:04:15
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            27002           4               3               9954            6750.00         6556.00         7334.00        
  flow             5209360         1029            1029            74796           5062.00         5062.00         0.00           
  threshold        48276           2               0               43186           24138.00        0.00            24138.00       
  content          17538400        2808            61              2775306         6245.00         10607.00        6149.00        
  pcre             39338           2               0               34654           19669.00        0.00            19669.00       
  byte_jump        321172          54              0               23816           5947.00         0.00            5947.00        
  flowbits         5270950         1028            5               38342           5127.00         5527.00         5125.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            27002           4               3               9954            6750.00         6556.00         7334.00        
  flow             5209360         1029            1029            74796           5062.00         5062.00         0.00           
  flowbits         5254032         1025            2               38342           5125.00         5359.00         5125.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          17538400        2808            61              2775306         6245.00         10607.00        6149.00        
  pcre             39338           2               0               34654           19669.00        0.00            19669.00       
  byte_jump        321172          54              0               23816           5947.00         0.00            5947.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         16918           3               3               6792            5639.00         5639.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        48276           2               0               43186           24138.00        0.00            24138.00       


IDSDeathBlossom.py.log - (1154 bytes)
2019-08-21 23:04:04,447 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-08-21 23:04:05,310 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-08-21 23:04:05,310 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-08-21 23:04:05,311 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-08-21 23:04:05,311 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-08-21 23:04:05,311 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/243593a222454f6a302c7799f85d7cadd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/08022019.1632-rdpTimeShift.pcap -vvv -k none
2019-08-21 23:04:15,209 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-08-21 23:04:15,210 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 10.774091959