Filename: pcap.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.0317151546 seconds
Hash: 25fd01ae598369a63fce56e3c2dd32f3
Uploaded: 1568803934

Logfiles


suricata-4.0.0-etpro-all-perf.txt-2019-09-18-T-10-52-40-09182019.1052-pcap.pcap.txt - (57302 bytes)
  --------------------------------------------------------------------------
  Date: 9/18/2019 -- 10:52:40. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2802991      1        5        17657314     3.07   8        0        17243212    2207164.25  0.00        2207164.25 
  2        2020569      1        1        10593948     1.84   4        0        10298846    2648487.00  0.00        2648487.00 
  3        2829848      1        2        10127330     1.76   73       0        6568372     138730.55   0.00        138730.55  
  4        2013419      1        4        6794724      1.18   73       0        2856238     93078.41    0.00        93078.41   
  5        2010142      1        4        3622498      0.63   150      0        2839508     24149.99    0.00        24149.99   
  6        2803027      1        6        3598762      0.62   29       0        1090396     124095.24   0.00        124095.24  
  7        2020181      1        8        3874646      0.67   73       0        350862      53077.34    0.00        53077.34   
  8        2021749      1        6        564266       0.10   2        0        307432      282133.00   0.00        282133.00  
  9        2802987      1        5        4892208      0.85   77       0        275668      63535.17    0.00        63535.17   
  10       2018464      1        4        588654       0.10   14       0        268418      42046.71    0.00        42046.71   
  11       2814978      1        2        423786       0.07   2        0        267580      211893.00   0.00        211893.00  
  12       2822213      1        2        388904       0.07   2        0        266214      194452.00   0.00        194452.00  
  13       2814979      1        2        377338       0.07   2        0        253146      188669.00   0.00        188669.00  
  14       2016855      1        2        248544       0.04   1        0        248544      248544.00   0.00        248544.00  
  15       2819930      1        2        827744       0.14   4        0        224278      206936.00   0.00        206936.00  
  16       2819664      1        2        856286       0.15   4        0        223804      214071.50   0.00        214071.50  
  17       2018316      1        4        420920       0.07   4        0        219922      105230.00   0.00        105230.00  
  18       2820157      1        2        1352952      0.23   8        0        203424      169119.00   0.00        169119.00  
  19       2820158      1        2        1456858      0.25   8        0        201664      182107.25   0.00        182107.25  
  20       2016854      1        3        188316       0.03   1        0        188316      188316.00   0.00        188316.00  
  21       2805348      1        4        2602738      0.45   30       0        186928      86757.93    0.00        86757.93   
  22       2015877      1        6        3763240      0.65   73       0        185848      51551.23    0.00        51551.23   
  23       2801930      1        7        2508532      0.44   31       0        182600      80920.39    0.00        80920.39   
  24       2823858      1        3        4559956      0.79   73       0        173234      62465.15    0.00        62465.15   
  25       2815182      1        3        4593878      0.80   73       0        170284      62929.84    0.00        62929.84   
  26       2827094      1        2        653942       0.11   5        0        165450      130788.40   0.00        130788.40  
  27       2823644      1        2        3573810      0.62   73       0        162740      48956.30    0.00        48956.30   
  28       2014442      1        6        5286266      0.92   73       0        162272      72414.60    0.00        72414.60   
  29       2019103      1        4        478962       0.08   14       0        157274      34211.57    0.00        34211.57   
  30       2805985      1        2        366718       0.06   4        0        155946      91679.50    0.00        91679.50   
  31       2807400      1        3        355844       0.06   4        0        153000      88961.00    0.00        88961.00   
  32       2804907      1        3        502046       0.09   7        0        149956      71720.86    0.00        71720.86   
  33       2816895      1        2        4525592      0.79   73       0        147548      61994.41    0.00        61994.41   
  34       2022914      1        1        246476       0.04   6        0        146920      41079.33    0.00        41079.33   
  35       2022050      1        3        369060       0.06   4        0        146902      92265.00    0.00        92265.00   
  36       2815220      1        2        4543654      0.79   73       0        145822      62241.84    0.00        62241.84   
  37       2024239      1        3        5357502      0.93   73       0        144782      73390.44    0.00        73390.44   
  38       2815568      1        2        4559796      0.79   73       0        142058      62462.96    0.00        62462.96   
  39       2018005      1        6        237180       0.04   2        0        141738      118590.00   0.00        118590.00  
  40       2801929      1        7        2441042      0.42   31       0        140578      78743.29    0.00        78743.29   
  41       2815868      1        2        6944768      1.21   73       0        140354      95133.81    0.00        95133.81   
  42       2816189      1        2        6983156      1.21   73       0        139198      95659.67    0.00        95659.67   
  43       2021954      1        2        468404       0.08   14       0        135642      33457.43    0.00        33457.43   
  44       2816647      1        2        134776       0.02   1        0        134776      134776.00   0.00        134776.00  
  45       2020963      1        2        3696166      0.64   73       0        134424      50632.41    0.00        50632.41   
  46       2018241      1        2        199054       0.03   14       0        133984      14218.14    0.00        14218.14   
  47       2018982      1        2        335966       0.06   4        0        132570      83991.50    0.00        83991.50   
  48       2022343      1        2        3815968      0.66   73       0        132532      52273.53    0.00        52273.53   
  49       2808234      1        1        332900       0.06   4        0        131674      83225.00    0.00        83225.00   
  50       2805803      1        4        2827854      0.49   73       0        127642      38737.73    0.00        38737.73   
  51       2827279      1        5        2914084      0.51   74       0        125732      39379.51    0.00        39379.51   
  52       2008575      1        5        9955500      1.73   1023     0        122546      9731.67     0.00        9731.67    
  53       2017552      1        6        20300656     3.53   774      0        122370      26228.24    0.00        26228.24   
  54       2823159      1        2        317510       0.06   3        0        121640      105836.67   0.00        105836.67  
  55       2009897      1        14       134354       0.02   4        0        120016      33588.50    0.00        33588.50   
  56       2014819      1        3        119264       0.02   1        0        119264      119264.00   0.00        119264.00  
  57       2023459      1        2        5016564      0.87   73       73       118656      68720.05    68720.05    0.00       
  58       2021381      1        7        117814       0.02   1        1        117814      117814.00   117814.00   0.00       
  59       2016537      1        2        18500740     3.21   700      0        114586      26429.63    0.00        26429.63   
  60       2021718      1        4        4342886      0.75   73       0        112896      59491.59    0.00        59491.59   
  61       2020083      1        3        3718798      0.65   73       0        112640      50942.44    0.00        50942.44   
  62       2823917      1        2        3661342      0.64   73       0        112022      50155.37    0.00        50155.37   
  63       2020860      1        4        2830492      0.49   73       0        107188      38773.86    0.00        38773.86   
  64       2019707      1        2        267824       0.05   3        0        107136      89274.67    0.00        89274.67   
  65       2821591      1        2        3586800      0.62   73       0        106996      49134.25    0.00        49134.25   
  66       2816850      1        3        304322       0.05   9        0        106398      33813.56    0.00        33813.56   
  67       2815180      1        3        4429044      0.77   73       0        105932      60671.84    0.00        60671.84   
  68       2017076      1        9        4329514      0.75   73       0        105824      59308.41    0.00        59308.41   
  69       2828060      1        4        3733884      0.65   73       0        105120      51149.10    0.00        51149.10   
  70       2021418      1        9        4198574      0.73   73       0        102814      57514.71    0.00        57514.71   
  71       2021552      1        2        3741544      0.65   73       0        102524      51254.03    0.00        51254.03   
  72       2822367      1        2        304904       0.05   9        0        102334      33878.22    0.00        33878.22   
  73       2011925      1        6        3574096      0.62   73       0        102062      48960.22    0.00        48960.22   
  74       2017948      1        2        3503190      0.61   73       0        101982      47988.90    0.00        47988.90   
  75       2823144      1        2        282322       0.05   3        0        101542      94107.33    0.00        94107.33   
  76       2021787      1        2        4246918      0.74   73       0        101090      58176.96    0.00        58176.96   
  77       2024606      1        2        3476994      0.60   73       0        100194      47630.05    0.00        47630.05   
  78       2008438      1        20       318016       0.06   4        0        99488       79504.00    0.00        79504.00   
  79       2020496      1        2        3684504      0.64   73       0        99038       50472.66    0.00        50472.66   
  80       2016706      1        20       4358100      0.76   73       0        98378       59700.00    0.00        59700.00   
  81       2811449      1        2        3729552      0.65   73       0        97756       51089.75    0.00        51089.75   
  82       2017556      1        3        4472760      0.78   73       0        97748       61270.68    0.00        61270.68   
  83       2017814      1        3        3671604      0.64   73       0        97544       50295.95    0.00        50295.95   
  84       2802822      1        1        356156       0.06   52       0        97524       6849.15     0.00        6849.15    
  85       2816165      1        5        4416864      0.77   74       0        97018       59687.35    0.00        59687.35   
  86       2010067      1        10       95822        0.02   1        0        95822       95822.00    0.00        95822.00   
  87       2828008      1        2        2827948      0.49   74       0        95296       38215.51    0.00        38215.51   
  88       2822482      1        6        3691280      0.64   73       0        95004       50565.48    0.00        50565.48   
  89       2812433      1        2        3524196      0.61   73       0        94132       48276.66    0.00        48276.66   
  90       2811905      1        3        4399308      0.76   73       0        93942       60264.49    0.00        60264.49   
  91       2807970      1        8        3754504      0.65   73       0        93542       51431.56    0.00        51431.56   
  92       2815181      1        3        4291742      0.75   73       0        93340       58790.99    0.00        58790.99   
  93       2024771      1        1        12498816     2.17   1113     0        93286       11229.84    0.00        11229.84   
  94       2021413      1        2        3772468      0.66   73       0        93246       51677.64    0.00        51677.64   
  95       2024452      1        3        3635294      0.63   73       0        92396       49798.55    0.00        49798.55   
  96       2018457      1        1        169672       0.03   2        0        91200       84836.00    0.00        84836.00   
  97       2816860      1        2        3836538      0.67   73       0        91188       52555.32    0.00        52555.32   
  98       2017261      1        3        3639556      0.63   73       0        91132       49856.93    0.00        49856.93   
  99       2013352      1        4        184486       0.03   14       0        90684       13177.57    0.00        13177.57   
  100      2020643      1        3        3764324      0.65   73       0        90282       51566.08    0.00        51566.08   
  101      2812526      1        2        3608638      0.63   73       0        90194       49433.40    0.00        49433.40   
  102      2018959      1        3        154516       0.03   14       1        90144       11036.86    90144.00    4951.69    
  103      2014189      1        3        3661252      0.64   73       0        89142       50154.14    0.00        50154.14   
  104      2809363      1        3        3595514      0.62   73       0        88638       49253.62    0.00        49253.62   
  105      2020964      1        2        3459734      0.60   73       0        88368       47393.62    0.00        47393.62   
  106      2018283      1        5        1653254      0.29   316      0        87916       5231.82     0.00        5231.82    
  107      2821471      1        2        3616650      0.63   73       0        87904       49543.15    0.00        49543.15   
  108      2815156      1        2        3590122      0.62   73       0        87254       49179.75    0.00        49179.75   
  109      2019094      1        5        3695706      0.64   73       0        87146       50626.11    0.00        50626.11   
  110      2020962      1        3        3584390      0.62   73       0        86972       49101.23    0.00        49101.23   
  111      2811826      1        7        3757132      0.65   73       0        86058       51467.56    0.00        51467.56   
  112      2804927      1        2        147192       0.03   2        0        86028       73596.00    0.00        73596.00   
  113      2827260      1        2        3521000      0.61   73       0        85772       48232.88    0.00        48232.88   
  114      2009909      1        10       100134       0.02   4        0        85182       25033.50    0.00        25033.50   
  115      2827240      1        2        3553928      0.62   73       0        84442       48683.95    0.00        48683.95   
  116      2807793      1        4        3557292      0.62   73       0        83824       48730.03    0.00        48730.03   
  117      2001330      1        8        3545030      0.62   657      0        83764       5395.78     0.00        5395.78    
  118      2804911      1        3        293168       0.05   4        0        83482       73292.00    0.00        73292.00   
  119      2020742      1        1        247208       0.04   4        0        83326       61802.00    0.00        61802.00   
  120      2809850      1        2        237866       0.04   6        0        83320       39644.33    0.00        39644.33   
  121      2813027      1        3        2645216      0.46   73       0        83124       36235.84    0.00        36235.84   
  122      2806802      1        2        1885298      0.33   52       0        82072       36255.73    0.00        36255.73   
  123      2823077      1        4        2968730      0.52   73       0        81652       40667.53    0.00        40667.53   
  124      2015744      1        4        91678        0.02   3        1        81250       30559.33    81250.00    5214.00    
  125      2826034      1        1        2

This file has been truncated.


suricata-report-2019-09-18-T-10-52-40-09182019.1052-pcap.pcap.txt - (17754 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/25fd01ae598369a63fce56e3c2dd32f356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09182019.1052-pcap.pcap -vvv -k none
elapsedtime:25.013898
stderr:
stdout:
18/9/2019 -- 10:52:15 - <Info> - Configuration node 'rule-files' redefined.
18/9/2019 -- 10:52:15 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/9/2019 -- 10:52:15 - <Info> - CPUs/cores online: 1
18/9/2019 -- 10:52:15 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32312 and 'request-body-inspect-window' set to 16323 after randomization.
18/9/2019 -- 10:52:15 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31754 and 'response-body-inspect-window' set to 16767 after randomization.
18/9/2019 -- 10:52:15 - <Config> - DNS request flood protection level: 500
18/9/2019 -- 10:52:15 - <Config> - DNS per flow memcap (state-memcap): 524288
18/9/2019 -- 10:52:15 - <Config> - DNS global memcap: 16777216
18/9/2019 -- 10:52:15 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/9/2019 -- 10:52:15 - <Config> - preallocated 1000 hosts of size 136
18/9/2019 -- 10:52:15 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/9/2019 -- 10:52:15 - <Config> - using magic-file /usr/share/file/magic
18/9/2019 -- 10:52:15 - <Config> - Core dump size is unlimited.
18/9/2019 -- 10:52:15 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/9/2019 -- 10:52:15 - <Config> - preallocated 1000 defrag trackers of size 168
18/9/2019 -- 10:52:15 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/9/2019 -- 10:52:15 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/9/2019 -- 10:52:15 - <Config> - stream "memcap": 33554432
18/9/2019 -- 10:52:15 - <Config> - stream "midstream" session pickups: disabled
18/9/2019 -- 10:52:15 - <Config> - stream "async-oneside": disabled
18/9/2019 -- 10:52:15 - <Config> - stream "checksum-validation": disabled
18/9/2019 -- 10:52:15 - <Config> - stream."inline": disabled
18/9/2019 -- 10:52:15 - <Config> - stream "bypass": disabled
18/9/2019 -- 10:52:15 - <Config> - stream "max-synack-queued": 5
18/9/2019 -- 10:52:15 - <Config> - stream.reassembly "memcap": 134217728
18/9/2019 -- 10:52:15 - <Config> - stream.reassembly "depth": 0
18/9/2019 -- 10:52:15 - <Config> - stream.reassembly "toserver-chunk-size": 2676
18/9/2019 -- 10:52:15 - <Config> - stream.reassembly "toclient-chunk-size": 2436
18/9/2019 -- 10:52:15 - <Config> - stream.reassembly.raw: enabled
18/9/2019 -- 10:52:15 - <Config> - stream.reassembly "segment-prealloc": 2048
18/9/2019 -- 10:52:15 - <Config> - Delayed detect disabled
18/9/2019 -- 10:52:15 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/9/2019 -- 10:52:15 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/9/2019 -- 10:52:15 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/9/2019 -- 10:52:15 - <Config> - prefilter engines: MPM
18/9/2019 -- 10:52:15 - <Config> - IP reputation disabled
18/9/2019 -- 10:52:15 - <Perf> - Registered 148 keyword profiling counters.
18/9/2019 -- 10:52:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
18/9/2019 -- 10:52:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
18/9/2019 -- 10:52:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
18/9/2019 -- 10:52:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
18/9/2019 -- 10:52:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
18/9/2019 -- 10:52:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
18/9/2019 -- 10:52:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
18/9/2019 -- 10:52:21 - <Config> - No rules loaded from ET-icmp.rules.
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
18/9/2019 -- 10:52:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
18/9/2019 -- 10:52:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
18/9/2019 -- 10:52:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
18/9/2019 -- 10:52:24 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
18/9/2019 -- 10:52:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
18/9/2019 -- 10:52:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
18/9/2019 -- 10:52:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
18/9/2019 -- 10:52:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
18/9/2019 -- 10:52:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
18/9/2019 -- 10:52:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
18/9/2019 -- 10:52:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
18/9/2019 -- 10:52:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
18/9/2019 -- 10:52:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
18/9/2019 -- 10:52:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
18/9/2019 -- 10:52:29 - <Config> - No rules loaded from local.rules.
18/9/2019 -- 10:52:29 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
18/9/2019 -- 10:52:29 - <Info> - Threshold config parsed: 0 rule(s) found
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for tcp-packet
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for tcp-stream
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for udp-packet
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for other-ip
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_uri
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_request_line
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_client_body
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_response_line
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_header
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_header
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_header_names
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_header_names
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_accept
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_accept_enc
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_accept_lang
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_referer
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_connection
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_content_len
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_content_len
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_content_type
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_content_type
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_protocol
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_protocol
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_start
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_start
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_raw_header
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_raw_header
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_method
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_cookie
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_cookie
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_raw_uri
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_user_agent
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_host
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_raw_host
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_stat_msg
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_stat_code
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for dns_query
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for tls_sni
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for dce_stub_data
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for dce_stub_data
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for ssh_protocol
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for ssh_protocol
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for ssh_software
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for ssh_software
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for file_data
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for file_data
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_request_line
18/9/2019 -- 10:52:29 - <Perf> - using shared mpm ctx' for http_response_line
18/9/2019 -- 10:52:29 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
18/9/2019 -- 10:52:29 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/9/2019 -- 10:52:30 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
18/9/2019 -- 10:52:30 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
18/9/2019 -- 10:52:30 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
18/9/2019 -- 10:52:30 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
18/9/2019 -- 10:52:30 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
18/9/2019 -- 10:52:30 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/9/2019 -- 10:52:36 - <Perf> - Unique rule groups: 104
18/9/2019 -- 10:52:36 - <Perf> - Builtin MPM "toserver TCP packet": 35
18/9/2019 -- 10:52:36 - <Perf> - Builtin MPM "toclient TCP packet": 17
18/9/2019 -- 10:52:36 - <Perf> - Builtin MPM "toserver TCP stream": 33
18/9/2019 -- 10:52:36 - <Perf> - Builtin MPM "toclient TCP stream": 19
18/9/2019 -- 10:52:36 - <Perf> - Builtin MPM "toserver UDP packet": 27
18/9/2019 -- 10:52:36 - <Perf> - Builtin MPM "toclient UDP packet": 17
18/9/2019 -- 10:52:36 - <Perf> - Builtin MPM "other IP packet": 3
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_uri": 14
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_header": 10
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient http_header": 6
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_header_names": 2
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_protocol": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_start": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_method": 5
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver http_host": 2
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver tls_sni": 2
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toserver file_data": 1
18/9/2019 -- 10:52:36 - <Perf> - AppLayer MPM "toclient file_data": 7
18/9/2019 -- 10:52:38 - <Perf> - Registered 39590 rule profiling counters.
18/9/2019 -- 10:52:38 - <Info> - fast output device (regular) initialized: alert
18/9/2019 -- 10:52:38 - <Info> - eve-log output device (regular) initialized: eve.json
18/9/2019 -- 10:52:38 - <Config> - enabling 'eve-log' module 'alert'
18/9/2019 -- 10:52:38 - <Config> - enabling 'eve-log' module 'http'
18/9/2019 -- 10:52:38 - <Config> - enabling 'eve-log' module 'dns'
18/9/2019 -- 10:52:38 - <Config> - enabling 'eve-log' module 'tls'
18/9/2019 -- 10:52:38 - <Config> - enabling 'eve-log' module 'files'
18/9/2019 -- 10:52:38 - <Config> - enabling 'eve-log' module 'ssh'
18/9/2019 -- 10:52:38 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/9/2019 -- 10:52:38 - <Info> - stats output device (regular) initialized: stats.log
18/9/2019 -- 10:52:38 - <Config> - AutoFP mode using "Hash" flow load balancer
18/9/2019 -- 10:52:38 - <Info> - reading pcap file /var/pcap/09182019.1052-pcap.pcap
18/9/2019 -- 10:52:38 - <Config> - using 1 flow manager threads
18/9/2019 -- 10:52:38 - <Config> - us

This file has been truncated.


packet_stats.log - (16913 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             5        822011718     1229373944    1090624681          5.5b    0.37
 IPv4       2            14          6053862     1302607994     382997355          5.4b    0.36
 IPv4       6          2128          3355520     1347862556     638473435       1358.7b   91.95
 IPv4      17           171          6839522     1334878602     632716376        108.2b    7.32
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             5           125488         319712        221694          1.1m    0.07
TMM_FLOWWORKER              IPv4       2            14           132648         403942        173046          2.4m    0.16
TMM_FLOWWORKER              IPv4       6          2128           117868       25333944        637313          1.4b   88.50
TMM_FLOWWORKER              IPv4      17           171           204362       19164128        557735         95.4m    6.22
TMM_RECEIVEPCAPFILE         IPv4       1             5             4458           6066          5123         25.6k    0.00
TMM_RECEIVEPCAPFILE         IPv4       2            14             4446           7458          4948         69.3k    0.00
TMM_RECEIVEPCAPFILE         IPv4       6          2123             4432       21904740         25412         54.0m    3.52
TMM_RECEIVEPCAPFILE         IPv4      17           171             4438          19990          4873        833.3k    0.05
TMM_DECODEPCAPFILE          IPv4       1             5             4930          27698         11029         55.1k    0.00
TMM_DECODEPCAPFILE          IPv4       2            14             4556          20764          6223         87.1k    0.01
TMM_DECODEPCAPFILE          IPv4       6          2123             4548        5093136          9883         21.0m    1.37
TMM_DECODEPCAPFILE          IPv4      17           171             4576         354756          7728          1.3m    0.09

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1             5             5250           6920          5743         28.7k  0.00  
flow                    IPv4       6          2123             4590         128622          6070         12.9m  0.94  
flow                    IPv4      17           171             4632          39390          6888          1.2m  0.09  
stream                  IPv4       6          2128             4694        1455644         16443         35.0m  2.56  
app-layer               IPv4      17           171             4434         137040         11074          1.9m  0.14  
detect                  IPv4       1             5           105160         298524        192556        962.8k  0.07  
detect                  IPv4       2            14           123158         393318        162856          2.3m  0.17  
detect                  IPv4       6          2128            77238       25265580        571888          1.2b  88.89 
detect                  IPv4      17           171           176608       19105682        501483         85.8m  6.26  
tcp-prune               IPv4       6          2128             4444         118754          5717         12.2m  0.89  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             4             6136          19910         11188         44.8k  7.33  
http                    IPv4      17             3            52182          71350         59586        178.8k  29.26 
tls                     IPv4       6             3             4630           5272          5018         15.1k  2.46  
dns                     IPv4      17            33             5690          60698         11282        372.3k  60.95 
Proto detect            IPv4      17            41             4902          62024         12403        508.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             3            93770         127964        107226        321.7k  1.68  
LOGGER_UNIFIED2             IPv4       6             3           106764         146586        125299        375.9k  1.96  
LOGGER_JSON_ALERT           IPv4       6             3           123316         162972        142236        426.7k  2.23  
LOGGER_JSON_DNS             IPv4      17            26            39082         678356        104634          2.7m  14.20 
LOGGER_JSON_HTTP            IPv4       6            74            52866         238038        101348          7.5m  39.15 
LOGGER_JSON_TLS             IPv4       6             2            52572          89592         71082        142.2k  0.74  
LOGGER_JSON_FILE            IPv4       6            74            66798         206912        103659          7.7m  40.04 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             5            12816          43736         23964       119.8k  0.05  
payload                           IPv4       6          1444             4496        7604810         32576        47.0m  20.47 
payload                           IPv4      17           171             5164         227110         28999         5.0m  2.16  
stream                            IPv4       6          1444             4428        7744752         42166        60.9m  26.49 
http_uri                          IPv4       6            74            17628         207768         32741         2.4m  1.05  
http_request_line                 IPv4       6            74             6418          37136          9063       670.7k  0.29  
http_client_body                  IPv4       6            74             4790           7770          5610       415.2k  0.18  
http_header (request)             IPv4       6            74            16366         175846         32972         2.4m  1.06  
http_header (request trailer)     IPv4       6            74             4486          38896          5527       409.0k  0.18  
http_header_names (request)       IPv4       6            74             9972          51220         16576         1.2m  0.53  
http_accept (request)             IPv4       6            74             4956          20254          6069       449.1k  0.20  
http_referer (request)            IPv4       6            74             4666          25930          5632       416.8k  0.18  
http_content_len (request)        IPv4       6            74             4764          41028          5830       431.5k  0.19  
http_content_type (request)       IPv4       6            74             4714           8762          5129       379.6k  0.17  
http_protocol (request)           IPv4       6            74             5478           9918          6633       490.9k  0.21  
http_start (request)              IPv4       6            74             8912          38908         14271         1.1m  0.46  
http_raw_header (request)         IPv4       6            74            11798          48638         15858         1.2m  0.51  
http_method                       IPv4       6            74             5836          30030          7966       589.6k  0.26  
http_cookie (request)             IPv4       6            74             4710           7180          5108       378.0k  0.16  
http_raw_uri                      IPv4       6            74             5960          51926          8966       663.5k  0.29  
http_user_agent                   IPv4       6            74             6366          40626          9993       739.5k  0.32  
http_host                         IPv4       6            74             6552          24332         10794       798.8k  0.35  
dns_query                         IPv4      17            13            10342          86668         35687       463.9k  0.20  
tls_sni                           IPv4       6             3             6768          22346         14251        42.8k  0.02  
http_response_line                IPv4       6            74             6854         127442         13226       978.8k  0.43  
http_header (response)            IPv4       6            74            19104         132656         38206         2.8m  1.23  
http_header (response trailer)    IPv4       6            74             4488          28930          5113       378.4k  0.16  
http_content_type (response)      IPv4       6            74             8018          33886         11282       834.9k  0.36  
http_raw_header (response)        IPv4       6          1113             5654         403988          7687         8.6m  3.72  
http_cookie (response)            IPv4       6            74             4910          41992          6308       466.8k  0.20  
http_stat_code                    IPv4       6            74             5038          30594          7325       542.1k  0.24  
tls_cert_issuer                   IPv4       6             2            12598          13026         12812        25.6k  0.01  
tls_cert_subject                  IPv4       6             2             9830          12188         11009        22.0k  0.01  
tls_cert_serial                   IPv4       6             2             7722           9322          8522        17.0k  0.01  
file_data (http response)         IPv4       6          1039             4454        7530066         83266        86.5m  37.64 
Total                             IPv4                  7014                                         32767       229.8m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             3            21188         169298         77991        234.0k  0.01  
PROF_DETECT_IPONLY          IPv4       2            14            41664         299426         73557          1.0m  0.06  
PROF_DETECT_IPONLY          IPv4       6             8            12748         325064        133746          1.1m  0.06  
PROF_DETECT_IPONLY          IPv4      17            44             9828         193530         66682          2.9m  0.17  
PROF_DETECT_RULES           IPv4       1             5             4452          67278         22467        112.3k  0.01  
PROF_DETECT_RULES           IPv4       2            14             4428           5754          4613         64.6k  0.00  
PROF_DETECT_RULES           IPv4       6          2128             4412       17478656        301224        641.0m  37.69 
PROF_DETECT_RULES           IPv4      17           171            76772        3005274        225258         38.5m  2.26  
PROF_DETECT_STATEFUL_START    IPv4       6           966             8882        6748900        230293        222.5m  13.08 
PROF_DETECT_STATEFUL_CONT    IPv4       1             5             4808           5210          4915         24.6k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       2            14             4410           5864          4635         64.9k  0.00  
PROF_DETECT_STATEFUL_CONT    IPv4       6          2128             4424         466990         24349         51.8m  3.05  
PROF_DETECT_STATEFUL_CONT    IPv4      17           171             4404          74598          6577          1.1m  0.07  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6          2112             4436          39692          5174         10.9m  0.64  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            26             4610           6530          5183        134.8k  0.01  
PROF_DETECT_PREFILTER       IPv4       1             5            40382          88208         58681        293.4k  0.02  
PROF_DETECT_PREFILTER       IPv4       2            14            13568          26446         15760        220.6k  0.01  
PROF_DETECT_PREFILTER       IPv4       6          2128            13564        7870516        160910        342.4m  20.13 
PROF_DETECT_PREFILTER       IPv4      17           171            41038       18888346        183703         31.4m  1.85  
PROF_DETECT_PF_PAYLOAD      IPv4       1             5            22072          53902         33542        167.7k  0.01  
PROF_DETECT_PF_PAYLOAD      IPv4       6          1444            22768        7794768         89553        129.3m  7.60  
PROF_DETECT_PF_PAYLOAD      IPv4      17           171            14018         236020         38756          6.6m  0.39  
PROF_DETECT_PF_TX           IPv4       6          2112             4454        7559004         70182        148.2m  8.72  
PROF_DETECT_PF_TX           IPv4      17            13            20004          96474         45844        596.0k  0.04  
PROF_DETECT_PF_SORT1        IPv4       1             2             4570           5514          5042         10.1k  0.00  
PROF_DETECT_PF_SORT1        IPv4       6           910             4452          42206          6861          6.2m  0.37  
PROF_DETECT_PF_SORT1        IPv4      17           171             4486          27976          5811        993.8k  0.06  
PROF_DETECT_PF_SORT2        IPv4       1             5             4460           6354          5141         25.7k  0.00  
PROF_DETECT_PF_SORT2        IPv4       2            14             4412           5672          4644         65.0k  0.00  
PROF_DETECT_PF_SORT2        IPv4       6          2128             4404          45078          5426         11.5m  0.68  
PROF_DETECT_PF_SORT2        IPv4      17           171             4448          25016          5356        916.0k  0.05  
PROF_DETECT_NONMPMLIST      IPv4       1             5             4828           5224          4931         24.7k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       2            14             4412           5868          4768         66.8k  0.00  
PROF_DETECT_NONMPMLIST      IPv4       6          2128             4416          40156          5252         11.2m  0.66  
PROF_DETECT_NONMPMLIST      IPv4      17           171             4418          67316          5727        979.4k  0.06  
PROF_DETECT_ALERT           IPv4       1             5             4418           4906          4660         23.3k  0.00  
PROF_DETECT_ALERT           IPv4       2            14             4426           8014          4803         67.2k  0.00  
PROF_DETECT_ALERT           IPv4       6          2128             4414         172200          5328         11.3m  0.67  
PROF_DETECT_ALERT           IPv4      17           171             4418          36822          5547        948.7k  0.06  
PROF_DETECT_CLEANUP         IPv4       1             5             4502           4740          4606         23.0k  0.00  
PROF_DETECT_CLEANUP         IPv4       2            14             4420           6440          4654         65.2k  0.00  
PROF_DETECT_CLEANUP         IPv4       6          2128             4480          44746          5418         11.5m  0.68  
PROF_DETECT_CLEANUP         IPv4      17           171             4412          27108

This file has been truncated.


unified2.alert.1568803958 - (11057 bytes)


stats.log - (2995 bytes)
------------------------------------------------------------------------------------
Date: 9/18/2019 -- 10:52:40 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 2339
decoder.bytes                              | Total                     | 1504561
decoder.ipv4                               | Total                     | 2313
decoder.ethernet                           | Total                     | 2339
decoder.tcp                                | Total                     | 2123
decoder.udp                                | Total                     | 171
decoder.icmpv4                             | Total                     | 5
decoder.avg_pkt_size                       | Total                     | 643
decoder.max_pkt_size                       | Total                     | 1153
flow.tcp                                   | Total                     | 4
flow.udp                                   | Total                     | 31
tcp.sessions                               | Total                     | 4
tcp.syn                                    | Total                     | 4
tcp.synack                                 | Total                     | 4
tcp.rst                                    | Total                     | 3
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 8
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 8
app_layer.flow.http                        | Total                     | 2
app_layer.tx.http                          | Total                     | 74
app_layer.flow.tls                         | Total                     | 2
app_layer.flow.dns_udp                     | Total                     | 13
app_layer.tx.dns_udp                       | Total                     | 13
app_layer.flow.failed_udp                  | Total                     | 18
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 7
flow_mgr.flows_notimeout                   | Total                     | 7
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65529
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078912


eve.json - (85774 bytes)
{"timestamp":"2019-09-18T00:14:57.100452+0000","flow_id":710273623230564,"pcap_cnt":96,"event_type":"dns","src_ip":"192.168.56.101","src_port":60992,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":26119,"rrname":"www.helpdesk-mailservice.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-18T00:14:57.747027+0000","flow_id":710273623230564,"pcap_cnt":99,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.101","dest_port":60992,"proto":"UDP","dns":{"type":"answer","id":26119,"rcode":"NOERROR","rrname":"www.helpdesk-mailservice.com","rrtype":"A","ttl":0,"rdata":"91.235.116.194"}}
{"timestamp":"2019-09-18T00:14:57.907513+0000","flow_id":915942427159072,"pcap_cnt":107,"event_type":"alert","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"91.235.116.194","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2012611,"rev":5,"signature":"ET USER_AGENTS Suspicious User-Agent Sample","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-18T00:14:58.050456+0000","flow_id":915942427159072,"pcap_cnt":151,"event_type":"alert","src_ip":"91.235.116.194","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018959,"rev":3,"signature":"ET POLICY PE EXE or DLL Windows file download HTTP","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-18T00:14:58.415949+0000","flow_id":915942427159072,"pcap_cnt":804,"event_type":"alert","src_ip":"91.235.116.194","src_port":80,"dest_ip":"192.168.56.101","dest_port":49173,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2015744,"rev":4,"signature":"ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging)","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2019-09-18T00:14:58.648124+0000","flow_id":44817832928188,"pcap_cnt":1624,"event_type":"dns","src_ip":"192.168.56.101","src_port":60082,"dest_ip":"192.168.56.1","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49433,"rrname":"194.116.235.91.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-18T00:14:58.712835+0000","flow_id":915942427159072,"pcap_cnt":1767,"event_type":"http","src_ip":"192.168.56.101","src_port":49173,"dest_ip":"91.235.116.194","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.helpdesk-mailservice.com","url":"\/back.jpg","http_user_agent":"SampleConn","http_content_type":"image\/jpeg"}}
{"timestamp":"2019-09-18T00:14:59.638473+0000","flow_id":1193639980285449,"pcap_cnt":1775,"event_type":"dns","src_ip":"192.168.56.101","src_port":60082,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49433,"rrname":"194.116.235.91.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-18T00:14:59.695537+0000","flow_id":1193639980285449,"pcap_cnt":1776,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.101","dest_port":60082,"proto":"UDP","dns":{"type":"answer","id":49433,"rcode":"NOERROR","rrname":"194.116.235.91.in-addr.arpa","rrtype":"PTR","ttl":708,"rdata":"s18-116-194.thcservers.com"}}
{"timestamp":"2019-09-18T00:14:59.706668+0000","flow_id":1834854975260780,"pcap_cnt":1777,"event_type":"dns","src_ip":"192.168.56.101","src_port":58854,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":10911,"rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-18T00:14:59.763616+0000","flow_id":1834854975260780,"pcap_cnt":1778,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.101","dest_port":58854,"proto":"UDP","dns":{"type":"answer","id":10911,"rcode":"NOERROR","rrname":"8.8.8.8.in-addr.arpa","rrtype":"PTR","ttl":21528,"rdata":"dns.google"}}
{"timestamp":"2019-09-18T00:15:00.695606+0000","flow_id":993363507846454,"pcap_cnt":1779,"event_type":"dns","src_ip":"192.168.56.101","src_port":62758,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":61917,"rrname":"capturepic.biz","rrtype":"A","tx_id":0}}
{"timestamp":"2019-09-18T00:15:00.776322+0000","flow_id":993363507846454,"pcap_cnt":1780,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.101","dest_port":62758,"proto":"UDP","dns":{"type":"answer","id":61917,"rcode":"NOERROR","rrname":"capturepic.biz","rrtype":"A","ttl":14399,"rdata":"46.21.144.100"}}
{"timestamp":"2019-09-18T00:15:00.908584+0000","flow_id":1342986730665355,"pcap_cnt":1789,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:00.958519+0000","flow_id":446607728615479,"pcap_cnt":1790,"event_type":"dns","src_ip":"192.168.56.101","src_port":65401,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":6159,"rrname":"100.144.21.46.in-addr.arpa","rrtype":"PTR","tx_id":0}}
{"timestamp":"2019-09-18T00:15:01.177790+0000","flow_id":446607728615479,"pcap_cnt":1793,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.101","dest_port":65401,"proto":"UDP","dns":{"type":"answer","id":6159,"rcode":"NOERROR","rrname":"100.144.21.46.in-addr.arpa","rrtype":"PTR","ttl":3599,"rdata":"100.144.21.46.static.swiftway.net"}}
{"timestamp":"2019-09-18T00:15:01.659416+0000","flow_id":1342986730665355,"pcap_cnt":1795,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2399},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2399,"tx_id":0}}
{"timestamp":"2019-09-18T00:15:01.872554+0000","flow_id":1342986730665355,"pcap_cnt":1799,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:02.660870+0000","flow_id":1342986730665355,"pcap_cnt":1803,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":1}}
{"timestamp":"2019-09-18T00:15:02.661383+0000","flow_id":1342986730665355,"pcap_cnt":1806,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:03.635148+0000","flow_id":44817832928188,"pcap_cnt":1808,"event_type":"dns","src_ip":"192.168.56.1","src_port":53,"dest_ip":"192.168.56.101","dest_port":60082,"proto":"UDP","dns":{"type":"answer","id":49433,"rcode":"NOERROR","rrname":"194.116.235.91.in-addr.arpa","rrtype":"A","ttl":0,"rdata":"192.168.56.1"}}
{"timestamp":"2019-09-18T00:15:03.661222+0000","flow_id":1342986730665355,"pcap_cnt":1810,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":2}}
{"timestamp":"2019-09-18T00:15:03.661457+0000","flow_id":1342986730665355,"pcap_cnt":1813,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":3,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:04.661700+0000","flow_id":1342986730665355,"pcap_cnt":1817,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":3}}
{"timestamp":"2019-09-18T00:15:04.662008+0000","flow_id":1342986730665355,"pcap_cnt":1820,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":4,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:05.660617+0000","flow_id":1342986730665355,"pcap_cnt":1822,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":4}}
{"timestamp":"2019-09-18T00:15:05.660854+0000","flow_id":1342986730665355,"pcap_cnt":1825,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":5,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:06.660707+0000","flow_id":1342986730665355,"pcap_cnt":1827,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":5}}
{"timestamp":"2019-09-18T00:15:06.660998+0000","flow_id":1342986730665355,"pcap_cnt":1830,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":6,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:07.662386+0000","flow_id":1342986730665355,"pcap_cnt":1832,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":6}}
{"timestamp":"2019-09-18T00:15:07.662729+0000","flow_id":1342986730665355,"pcap_cnt":1835,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":7,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:08.660861+0000","flow_id":1342986730665355,"pcap_cnt":1837,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":7}}
{"timestamp":"2019-09-18T00:15:08.661124+0000","flow_id":1342986730665355,"pcap_cnt":1840,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":8,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:09.661258+0000","flow_id":1342986730665355,"pcap_cnt":1842,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":8}}
{"timestamp":"2019-09-18T00:15:09.661509+0000","flow_id":1342986730665355,"pcap_cnt":1845,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":9,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:10.664491+0000","flow_id":1342986730665355,"pcap_cnt":1847,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":9}}
{"timestamp":"2019-09-18T00:15:10.664740+0000","flow_id":1342986730665355,"pcap_cnt":1850,"event_type":"http","src_ip":"192.168.56.101","src_port":49174,"dest_ip":"46.21.144.100","dest_port":80,"proto":"TCP","tx_id":10,"http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T00:15:11.663349+0000","flow_id":1342986730665355,"pcap_cnt":1852,"event_type":"fileinfo","src_ip":"46.21.144.100","src_port":80,"dest_ip":"192.168.56.101","dest_port":49174,"proto":"TCP","http":{"hostname":"capturepic.biz","url":"\/A1P0O0O8U7R4\/star_commandPage.php?id=0A7FB6606988","http_user_agent":"bi7zns4we1jzbne","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":2161},"app_proto":"http","fileinfo":{"filename":"\/A1P0O0O8U7R4\/star_commandPage.php","gaps":false,"state":"CLOSED","stored":false,"size":2161,"tx_id":10}}
{"timestamp":"2019-09-18T00:15:11.663645+0000","flow_id":134298673066535

This file has been truncated.
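Read in order, the EVE records above tell a single story: the sandbox host 192.168.56.101 resolves www.helpdesk-mailservice.com, pulls a PE from 91.235.116.194 (the three fast.log alerts), then resolves capturepic.biz via 8.8.8.8 and starts requesting /A1P0O0O8U7R4/star_commandPage.php?id=0A7FB6606988 with the user agent bi7zns4we1jzbne about once per second. No ET rule fires on that second stage; what gives it away is the cadence, not the content. The following Python script is an added example, not part of the page or of IDSDeathBlossom: it parses EVE lines while tolerating the cut-off final line, maps DNS A answers back to server IPs (ignoring the local resolver's habit, visible above, of answering a PTR query with an A record pointing at itself), and flags HTTP request groups whose inter-request intervals are nearly constant. The sample input is constructed from trimmed copies of the records above; the thresholds min_requests=5 and max_cv=0.25 are assumptions, not values from the page.

```python
"""Beaconing detection over Suricata EVE JSON (added example; assumes only
the EVE field names visible in the log above)."""
import json
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample: trimmed copies of EVE records from the run above, keeping
# only the fields used here. The beacon timestamps are the ones logged for the
# http events to capturepic.biz; the last line is deliberately cut off to mirror
# the truncated tail of the real file.
BEACON_TIMES = ["00:15:00.908584", "00:15:01.872554", "00:15:02.661383",
                "00:15:03.661457", "00:15:04.662008", "00:15:05.660854",
                "00:15:06.660998", "00:15:07.662729"]
_BEACON_LINE = ('{{"timestamp":"2019-09-18T{t}+0000","event_type":"http",'
                '"src_ip":"192.168.56.101","dest_ip":"46.21.144.100",'
                '"http":{{"hostname":"capturepic.biz",'
                '"url":"/A1P0O0O8U7R4/star_commandPage.php?id=0A7FB6606988",'
                '"http_user_agent":"bi7zns4we1jzbne"}}}}')
SAMPLE_EVE = "\n".join([
    '{"timestamp":"2019-09-18T00:14:57.747027+0000","event_type":"dns","src_ip":"192.168.56.1","dest_ip":"192.168.56.101","dns":{"type":"answer","rrname":"www.helpdesk-mailservice.com","rrtype":"A","rdata":"91.235.116.194"}}',
    '{"timestamp":"2019-09-18T00:14:57.907513+0000","event_type":"alert","src_ip":"192.168.56.101","dest_ip":"91.235.116.194","alert":{"signature_id":2012611,"signature":"ET USER_AGENTS Suspicious User-Agent Sample"}}',
    '{"timestamp":"2019-09-18T00:14:58.712835+0000","event_type":"http","src_ip":"192.168.56.101","dest_ip":"91.235.116.194","http":{"hostname":"www.helpdesk-mailservice.com","url":"/back.jpg","http_user_agent":"SampleConn"}}',
    '{"timestamp":"2019-09-18T00:15:00.776322+0000","event_type":"dns","src_ip":"8.8.8.8","dest_ip":"192.168.56.101","dns":{"type":"answer","rrname":"capturepic.biz","rrtype":"A","rdata":"46.21.144.100"}}',
    '{"timestamp":"2019-09-18T00:15:03.635148+0000","event_type":"dns","src_ip":"192.168.56.1","dest_ip":"192.168.56.101","dns":{"type":"answer","rrname":"194.116.235.91.in-addr.arpa","rrtype":"A","rdata":"192.168.56.1"}}',
] + [_BEACON_LINE.format(t=t) for t in BEACON_TIMES] + [
    '{"timestamp":"2019-09-18T00:15:11.663645+0000","flow_id":134298673066535',
])


def parse_eve(text):
    """Parse EVE JSON lines. Malformed lines (e.g. a truncated tail) are
    counted and skipped rather than aborting the whole run."""
    events, skipped = [], 0
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            events.append(json.loads(line))
        except json.JSONDecodeError:
            skipped += 1
    return events, skipped


def event_time(event):
    # EVE timestamps carry a "+0000" offset, which strptime's %z accepts.
    return datetime.strptime(event["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def resolved_names(events):
    """Map answered IPv4 addresses back to the names that resolved to them.
    A answers for reverse-zone names are resolver artifacts and are ignored."""
    names = defaultdict(set)
    for ev in events:
        if ev.get("event_type") != "dns":
            continue
        dns = ev.get("dns", {})
        if (dns.get("type") == "answer" and dns.get("rrtype") == "A"
                and "rdata" in dns and not dns.get("rrname", "").endswith(".arpa")):
            names[dns["rdata"]].add(dns["rrname"])
    return names


def find_beacons(events, min_requests=5, max_cv=0.25):
    """Group HTTP requests by (client, server, host, url, UA) and flag groups
    whose inter-request gaps have a low coefficient of variation (assumed
    thresholds). Each finding carries the DNS names seen for the server."""
    groups = defaultdict(list)
    for ev in events:
        if ev.get("event_type") != "http":
            continue
        h = ev.get("http", {})
        key = (ev["src_ip"], ev["dest_ip"], h.get("hostname"),
               h.get("url"), h.get("http_user_agent"))
        groups[key].append(event_time(ev))
    names = resolved_names(events)
    findings = []
    for key, times in groups.items():
        if len(times) < min_requests:
            continue
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            findings.append({
                "client": key[0], "server": key[1], "host": key[2],
                "url": key[3], "user_agent": key[4], "requests": len(times),
                "interval_mean": round(avg, 3), "interval_cv": round(cv, 3),
                "resolved_as": sorted(names.get(key[1], ())),
            })
    return findings


if __name__ == "__main__":
    evs, bad = parse_eve(SAMPLE_EVE)
    print(f"parsed {len(evs)} events, skipped {bad} malformed line(s)")
    for finding in find_beacons(evs):
        print(finding)
```

On the sample the only flagged group is the capturepic.biz one: eight requests, mean gap just under a second with a coefficient of variation below 0.1, which is why the check is on interval regularity rather than on any string in the request. The one-off /back.jpg fetch from the first server never reaches min_requests and is left alone.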


keyword_perf.log - (12337 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/18/2019 -- 10:52:40
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             54628996        9884            9884            144670          5527.00         5527.00         0.00           
  content          97701716        11267           6235            17160384        8671.00         6816.00         10970.00       
  pcre             23278090        2762            371             2810482         8427.00         7720.00         8537.00        
  byte_test        3190934         556             291             135482          5739.00         5615.00         5874.00        
  byte_jump        669762          125             50              24822           5358.00         5583.00         5207.00        
  isdataat         34834           7               1               5246            4976.00         5096.00         4956.00        
  flowbits         8095928         1497            99              41692           5408.00         6420.00         5336.00        
  urilen           9678858         1753            876             104800          5521.00         5693.00         5349.00        
  byte_extract     30408           4               4               16446           7602.00         7602.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             54628996        9884            9884            144670          5527.00         5527.00         0.00           
  flowbits         7573260         1421            23              41692           5329.00         4911.00         5336.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          33791176        1485            477             17160384        22755.00        11494.00        28083.00       
  pcre             559212          30              2               112002          18640.00        31017.00        17756.00       
  byte_test        3190934         556             291             135482          5739.00         5615.00         5874.00        
  byte_jump        638080          119             44              24822           5362.00         5624.00         5207.00        
  isdataat         34834           7               1               5246            4976.00         5096.00         4956.00        
  byte_extract     30408           4               4               16446           7602.00         7602.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         522668          76              76              21754           6877.00         6877.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          39016288        6214            4459            72352           6278.00         6333.00         6139.00        
  pcre             21223452        2560            296             2810482         8290.00         7465.00         8398.00        
  urilen           9678858         1753            876             104800          5521.00         5693.00         5349.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          444700          74              0               27702           6009.00         0.00            6009.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6636474         461             31              182874          14395.00        35609.00        12866.00       
  pcre             144284          22              0               29448           6558.00         0.00            6558.00        
  byte_jump        31682           6               6               6472            5280.00         5280.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10402148        1709            824             42152           6086.00         6120.00         6055.00        
  pcre             1306856         149             73              62000           8770.00         8120.00         9395.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1356284         222             2               37754           6109.00         6412.00         6106.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          871812          146             146             29520           5971.00         5971.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_raw_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6078            1               0               6078            6078.00         0.00            6078.00        
  pcre             44286           1               0               44286           44286.00        0.00            44286.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4364978         806             294             32930           5415.00         5887.00         5144.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_msg
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5378            1               0               5378            5378.00         0.00            5378.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          806400          148             2               32326           5448.00         5621.00         5446.00        
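keyword_perf.log is split per buffer, so the expensive entries do not line up for comparison: a content check on the raw packet/stream payload tops out at 17,160,384 ticks against a 72,352 maximum for content on http_uri, and pcre on http_uri peaks at 2,810,482 ticks while matching 296 times out of 2,560 checks. What a rule tuner wants is one ranking of where the engine spends cycles on checks that do not match. The script below is an added example, not Suricata's own tooling: it parses the table layout shown above, ranks each (section, keyword) pair by (Checks - Matches) * Avg No Match, and flags keywords whose Max Ticks is far above their Avg, which points at a single pathological input rather than a generally slow keyword. The sample text is a constructed copy of two of the sections above; the spike factor of 100 is an assumption.

```python
"""Rank Suricata keyword_perf.log entries by wasted ticks (added example;
assumes the column layout of the keyword_perf.log shown above)."""
import re

# Constructed sample: two sections copied from the keyword_perf.log above.
SAMPLE_KEYWORD_PERF = """\
  Date: 9/18/2019 -- 10:52:40
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          33791176        1485            477             17160384        22755.00        11494.00        28083.00
  pcre             559212          30              2               112002          18640.00        31017.00        17756.00
  byte_test        3190934         556             291             135482          5739.00         5615.00         5874.00
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  content          39016288        6214            4459            72352           6278.00         6333.00         6139.00
  pcre             21223452        2560            296             2810482         8290.00         7465.00         8398.00
  urilen           9678858         1753            876             104800          5521.00         5693.00         5349.00
"""

# One data row: keyword, four integer columns, three float columns. The header
# row ("Keyword  Ticks ...") and the dashed separators never match this.
ROW_RE = re.compile(
    r"^\s*(\w+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s+([\d.]+)\s+([\d.]+)\s+([\d.]+)\s*$")


def parse_keyword_perf(text):
    """Return one dict per data row, tagged with the 'Stats for:' section it
    belongs to. Rows seen before any section header are dropped."""
    rows, section = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Stats for:"):
            section = stripped.split(":", 1)[1].strip()
            continue
        m = ROW_RE.match(line)
        if m is None or section is None:
            continue
        kw, ticks, checks, matches, max_ticks, avg, avg_match, avg_no_match = m.groups()
        rows.append({
            "section": section, "keyword": kw,
            "ticks": int(ticks), "checks": int(checks), "matches": int(matches),
            "max_ticks": int(max_ticks), "avg": float(avg),
            "avg_match": float(avg_match), "avg_no_match": float(avg_no_match),
        })
    return rows


def no_match_cost(row):
    """Ticks spent on checks that did not match: the part of the budget a
    tighter fast_pattern or prefilter would give back."""
    return (row["checks"] - row["matches"]) * row["avg_no_match"]


def rank_no_match_cost(rows):
    """Most wasteful (section, keyword) pairs first, across all buffers."""
    return sorted(rows, key=no_match_cost, reverse=True)


def spiky_keywords(rows, factor=100):
    """Keywords whose worst check cost more than `factor` times their average
    (assumed threshold): a hint that one input, not the keyword, is the problem."""
    return [r for r in rows if r["avg"] > 0 and r["max_ticks"] > factor * r["avg"]]


if __name__ == "__main__":
    parsed = parse_keyword_perf(SAMPLE_KEYWORD_PERF)
    for r in rank_no_match_cost(parsed):
        print(f"{r['section']:<22} {r['keyword']:<10} wasted={no_match_cost(r):>12.0f}")
    for r in spiky_keywords(parsed):
        print(f"spike: {r['section']} {r['keyword']} max/avg={r['max_ticks'] / r['avg']:.0f}")
```

On the sample, raw-payload content comes out first (about 28.3 million ticks on 1,008 non-matching checks) and http_uri pcre second, and both are also the only spiky entries; cross-referencing them with the per-rule table in the rule_perf log, where rules with zero matches but very high Max Ticks sit at the top, is how the specific signatures to tune are found.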


suricata-4.0.0-etpro-all-alert-2019-09-18-T-10-52-40-09182019.1052-pcap.pcap.txt - (636 bytes)
09/18/2019-00:14:57.907513  [**] [1:2012611:5] ET USER_AGENTS Suspicious User-Agent Sample [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.56.101:49173 -> 91.235.116.194:80
09/18/2019-00:14:58.050456  [**] [1:2018959:3] ET POLICY PE EXE or DLL Windows file download HTTP [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 91.235.116.194:80 -> 192.168.56.101:49173
09/18/2019-00:14:58.415949  [**] [1:2015744:4] ET INFO EXE IsDebuggerPresent (Used in Malware Anti-Debugging) [**] [Classification: Misc activity] [Priority: 3] {TCP} 91.235.116.194:80 -> 192.168.56.101:49173


IDSDeathBlossom.py.log - (1144 bytes)
2019-09-18 10:52:14,661 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-18 10:52:15,422 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-18 10:52:15,422 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-18 10:52:15,423 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-18 10:52:15,423 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-18 10:52:15,423 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/25fd01ae598369a63fce56e3c2dd32f356b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09182019.1052-pcap.pcap -vvv -k none
2019-09-18 10:52:40,440 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-18 10:52:40,440 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.7890679836