Filename: 53dee84a-41a1-4ec0-86eb-23909a800af1 (1).pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.5326800346 seconds
Hash: 3f6b639cd965593142ca9e7cca9cef0b
Uploaded: 1558595983

Logfiles


suricata-report-2019-05-23-T-07-20-06-05232019.0719-53dee84a-41a1-4ec0-86eb-23909a800af1_1.pcap.txt - (17712 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/3f6b639cd965593142ca9e7cca9cef0b56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05232019.0719-53dee84a-41a1-4ec0-86eb-23909a800af1_1.pcap -vvv -k none
elapsedtime:21.631029
stderr:
stdout:
23/5/2019 -- 07:19:44 - <Info> - Configuration node 'rule-files' redefined.
23/5/2019 -- 07:19:44 - <Notice> - This is Suricata version 4.0.0 RELEASE
23/5/2019 -- 07:19:44 - <Info> - CPUs/cores online: 1
23/5/2019 -- 07:19:44 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32933 and 'request-body-inspect-window' set to 16711 after randomization.
23/5/2019 -- 07:19:44 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33177 and 'response-body-inspect-window' set to 16755 after randomization.
23/5/2019 -- 07:19:44 - <Config> - DNS request flood protection level: 500
23/5/2019 -- 07:19:44 - <Config> - DNS per flow memcap (state-memcap): 524288
23/5/2019 -- 07:19:44 - <Config> - DNS global memcap: 16777216
23/5/2019 -- 07:19:44 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
23/5/2019 -- 07:19:44 - <Config> - preallocated 1000 hosts of size 136
23/5/2019 -- 07:19:44 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
23/5/2019 -- 07:19:44 - <Config> - using magic-file /usr/share/file/magic
23/5/2019 -- 07:19:44 - <Config> - Core dump size is unlimited.
23/5/2019 -- 07:19:44 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
23/5/2019 -- 07:19:44 - <Config> - preallocated 1000 defrag trackers of size 168
23/5/2019 -- 07:19:44 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
23/5/2019 -- 07:19:44 - <Config> - stream "prealloc-sessions": 2048 (per thread)
23/5/2019 -- 07:19:44 - <Config> - stream "memcap": 33554432
23/5/2019 -- 07:19:44 - <Config> - stream "midstream" session pickups: disabled
23/5/2019 -- 07:19:44 - <Config> - stream "async-oneside": disabled
23/5/2019 -- 07:19:44 - <Config> - stream "checksum-validation": disabled
23/5/2019 -- 07:19:44 - <Config> - stream."inline": disabled
23/5/2019 -- 07:19:44 - <Config> - stream "bypass": disabled
23/5/2019 -- 07:19:44 - <Config> - stream "max-synack-queued": 5
23/5/2019 -- 07:19:44 - <Config> - stream.reassembly "memcap": 134217728
23/5/2019 -- 07:19:44 - <Config> - stream.reassembly "depth": 0
23/5/2019 -- 07:19:44 - <Config> - stream.reassembly "toserver-chunk-size": 2542
23/5/2019 -- 07:19:44 - <Config> - stream.reassembly "toclient-chunk-size": 2669
23/5/2019 -- 07:19:44 - <Config> - stream.reassembly.raw: enabled
23/5/2019 -- 07:19:44 - <Config> - stream.reassembly "segment-prealloc": 2048
23/5/2019 -- 07:19:44 - <Config> - Delayed detect disabled
23/5/2019 -- 07:19:44 - <Config> - pattern matchers: MPM: ac, SPM: bm
23/5/2019 -- 07:19:44 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
23/5/2019 -- 07:19:44 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
23/5/2019 -- 07:19:44 - <Config> - prefilter engines: MPM
23/5/2019 -- 07:19:44 - <Config> - IP reputation disabled
23/5/2019 -- 07:19:44 - <Perf> - Registered 148 keyword profiling counters.
23/5/2019 -- 07:19:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
23/5/2019 -- 07:19:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
23/5/2019 -- 07:19:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
23/5/2019 -- 07:19:49 - <Config> - No rules loaded from ET-icmp.rules.
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
23/5/2019 -- 07:19:49 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
23/5/2019 -- 07:19:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
23/5/2019 -- 07:19:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
23/5/2019 -- 07:19:50 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
23/5/2019 -- 07:19:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
23/5/2019 -- 07:19:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
23/5/2019 -- 07:19:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
23/5/2019 -- 07:19:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
23/5/2019 -- 07:19:54 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
23/5/2019 -- 07:19:55 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
23/5/2019 -- 07:19:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
23/5/2019 -- 07:19:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
23/5/2019 -- 07:19:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
23/5/2019 -- 07:19:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
23/5/2019 -- 07:19:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
23/5/2019 -- 07:19:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
23/5/2019 -- 07:19:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
23/5/2019 -- 07:19:57 - <Config> - No rules loaded from local.rules.
23/5/2019 -- 07:19:57 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
23/5/2019 -- 07:19:57 - <Info> - Threshold config parsed: 0 rule(s) found
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for tcp-packet
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for tcp-stream
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for udp-packet
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for other-ip
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_uri
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_request_line
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_client_body
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_response_line
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_header
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_header
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_header_names
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_header_names
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_accept
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_accept_enc
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_accept_lang
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_referer
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_connection
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_content_len
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_content_len
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_content_type
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_content_type
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_protocol
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_protocol
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_start
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_start
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_raw_header
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_raw_header
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_method
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_cookie
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_cookie
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_raw_uri
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_user_agent
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_host
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_raw_host
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_stat_msg
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_stat_code
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for dns_query
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for tls_sni
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for tls_cert_issuer
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for tls_cert_subject
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for tls_cert_serial
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for dce_stub_data
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for dce_stub_data
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for ssh_protocol
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for ssh_protocol
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for ssh_software
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for ssh_software
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for file_data
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for file_data
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_request_line
23/5/2019 -- 07:19:57 - <Perf> - using shared mpm ctx' for http_response_line
23/5/2019 -- 07:19:57 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
23/5/2019 -- 07:19:57 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
23/5/2019 -- 07:19:57 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
23/5/2019 -- 07:19:58 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
23/5/2019 -- 07:19:58 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
23/5/2019 -- 07:19:58 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
23/5/2019 -- 07:19:58 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
23/5/2019 -- 07:19:58 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
23/5/2019 -- 07:20:02 - <Perf> - Unique rule groups: 104
23/5/2019 -- 07:20:02 - <Perf> - Builtin MPM "toserver TCP packet": 35
23/5/2019 -- 07:20:02 - <Perf> - Builtin MPM "toclient TCP packet": 17
23/5/2019 -- 07:20:02 - <Perf> - Builtin MPM "toserver TCP stream": 33
23/5/2019 -- 07:20:02 - <Perf> - Builtin MPM "toclient TCP stream": 19
23/5/2019 -- 07:20:02 - <Perf> - Builtin MPM "toserver UDP packet": 27
23/5/2019 -- 07:20:02 - <Perf> - Builtin MPM "toclient UDP packet": 17
23/5/2019 -- 07:20:02 - <Perf> - Builtin MPM "other IP packet": 3
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_uri": 14
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_request_line": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_client_body": 6
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient http_response_line": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_header": 10
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient http_header": 6
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_header_names": 2
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_accept": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_referer": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_content_len": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_content_type": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient http_content_type": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_protocol": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_start": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_method": 5
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_cookie": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient http_cookie": 2
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver http_host": 2
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver dns_query": 4
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver tls_sni": 2
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toserver file_data": 1
23/5/2019 -- 07:20:02 - <Perf> - AppLayer MPM "toclient file_data": 7
23/5/2019 -- 07:20:04 - <Perf> - Registered 39590 rule profiling counters.
23/5/2019 -- 07:20:04 - <Info> - fast output device (regular) initialized: alert
23/5/2019 -- 07:20:04 - <Info> - eve-log output device (regular) initialized: eve.json
23/5/2019 -- 07:20:04 - <Config> - enabling 'eve-log' module 'alert'
23/5/2019 -- 07:20:04 - <Config> - enabling 'eve-log' module 'http'
23/5/2019 -- 07:20:04 - <Config> - enabling 'eve-log' module 'dns'
23/5/2019 -- 07:20:04 - <Config> - enabling 'eve-log' module 'tls'
23/5/2019 -- 07:20:04 - <Config> - enabling 'eve-log' module 'files'
23/5/2019 -- 07:20:04 - <Config> - enabling 'eve-log' module 'ssh'
23/5/2019 -- 07:20:04 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
23/5/2019 -- 07:20:04 - <Info> - stats output device (regular) initialized: stats.log
23/5/2019 -- 07:20:04 - <Config> - AutoFP mode using "Hash" flow load balancer
23/5/2019 -- 07:20:04 - <Info> - reading pcap file /var/pcap/05232019.0719-53dee84a-41a1-4ec0-86eb-23909a800af1_1.pcap
23/5/2019 -- 07:20:04 - <Config> 

This file has been truncated.


suricata-4.0.0-etpro-all-perf.txt-2019-05-23-T-07-20-06-05232019.0719-53dee84a-41a1-4ec0-86eb-23909a800af1_1.pcap.txt - (32470 bytes)
  --------------------------------------------------------------------------
  Date: 5/23/2019 -- 07:20:06. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2815872      1        2        5586788      16.45  2        0        5583589     2793394.00  0.00        2793394.00 
  2        2019230      1        2        443540       1.31   6        0        402051      73923.33    0.00        73923.33   
  3        2820157      1        2        1318204      3.88   8        0        307330      164775.50   0.00        164775.50  
  4        2820158      1        2        1331842      3.92   8        0        306909      166480.25   0.00        166480.25  
  5        2819930      1        2        3346170      9.85   21       0        289572      159341.43   0.00        159341.43  
  6        2819664      1        2        3390455      9.98   21       0        283006      161450.24   0.00        161450.24  
  7        2816525      1        10       284222       0.84   4        0        105295      71055.50    0.00        71055.50   
  8        2805348      1        4        772441       2.27   15       0        95144       51496.07    0.00        51496.07   
  9        2816910      1        2        256558       0.76   4        0        93807       64139.50    0.00        64139.50   
  10       2018358      1        7        304467       0.90   4        0        83564       76116.75    0.00        76116.75   
  11       2816928      1        3        183002       0.54   4        0        79494       45750.50    0.00        45750.50   
  12       2019881      1        3        158972       0.47   4        0        78339       39743.00    0.00        39743.00   
  13       2816831      1        2        73311        0.22   1        0        73311       73311.00    0.00        73311.00   
  14       2816356      1        2        285407       0.84   6        0        72074       47567.83    0.00        47567.83   
  15       2020470      1        6        110961       0.33   4        0        67972       27740.25    0.00        27740.25   
  16       2816909      1        2        223154       0.66   4        0        67665       55788.50    0.00        55788.50   
  17       2025064      1        5        169935       0.50   4        0        63971       42483.75    0.00        42483.75   
  18       2816940      1        2        214253       0.63   4        0        61318       53563.25    0.00        53563.25   
  19       2816927      1        3        157152       0.46   4        0        61120       39288.00    0.00        39288.00   
  20       2816924      1        4        133609       0.39   4        0        54478       33402.25    0.00        33402.25   
  21       2020825      1        6        109097       0.32   4        0        51975       27274.25    0.00        27274.25   
  22       2827279      1        5        126377       0.37   4        0        47946       31594.25    0.00        31594.25   
  23       2019622      1        2        47823        0.14   1        1        47823       47823.00    47823.00    0.00       
  24       2022609      1        2        214570       0.63   6        0        46679       35761.67    0.00        35761.67   
  25       2828122      1        2        154193       0.45   4        0        46614       38548.25    0.00        38548.25   
  26       2816925      1        3        131557       0.39   4        0        46005       32889.25    0.00        32889.25   
  27       2826256      1        2        161741       0.48   6        0        45965       26956.83    0.00        26956.83   
  28       2816327      1        4        152708       0.45   4        0        44699       38177.00    0.00        38177.00   
  29       2018784      1        9        43213        0.13   1        0        43213       43213.00    0.00        43213.00   
  30       2816922      1        5        136802       0.40   4        0        42789       34200.50    0.00        34200.50   
  31       2016726      1        6        42779        0.13   1        0        42779       42779.00    0.00        42779.00   
  32       2018452      1        15       146642       0.43   4        0        42424       36660.50    0.00        36660.50   
  33       2022502      1        4        232768       0.69   6        0        41824       38794.67    0.00        38794.67   
  34       2823855      1        7        40893        0.12   1        0        40893       40893.00    0.00        40893.00   
  35       2809859      1        6        171472       0.50   6        0        40316       28578.67    0.00        28578.67   
  36       2822601      1        4        196802       0.58   6        0        40185       32800.33    0.00        32800.33   
  37       2016759      1        1        109399       0.32   3        0        39759       36466.33    0.00        36466.33   
  38       2018010      1        5        99571        0.29   4        0        39234       24892.75    0.00        24892.75   
  39       2018981      1        4        122008       0.36   4        0        39212       30502.00    0.00        30502.00   
  40       2819673      1        4        128680       0.38   4        0        39125       32170.00    0.00        32170.00   
  41       2024771      1        1        565262       1.66   84       0        39118       6729.31     0.00        6729.31    
  42       2821615      1        2        39097        0.12   1        0        39097       39097.00    0.00        39097.00   
  43       2828060      1        4        38855        0.11   1        0        38855       38855.00    0.00        38855.00   
  44       2018496      1        9        120869       0.36   4        0        38689       30217.25    0.00        30217.25   
  45       2816929      1        4        128920       0.38   4        0        37935       32230.00    0.00        32230.00   
  46       2816619      1        2        70804        0.21   2        0        37510       35402.00    0.00        35402.00   
  47       2017567      1        3        36923        0.11   1        0        36923       36923.00    0.00        36923.00   
  48       2019113      1        2        119959       0.35   4        0        36899       29989.75    0.00        29989.75   
  49       2820851      1        5        137567       0.41   4        0        36871       34391.75    0.00        34391.75   
  50       2815817      1        5        117584       0.35   4        0        36764       29396.00    0.00        29396.00   
  51       2012236      1        2        36442        0.11   1        0        36442       36442.00    0.00        36442.00   
  52       2019344      1        5        120764       0.36   4        0        36349       30191.00    0.00        30191.00   
  53       2013739      1        15       222135       0.65   72       0        34929       3085.21     0.00        3085.21    
  54       2018958      1        18       132113       0.39   4        0        34364       33028.25    0.00        33028.25   
  55       2014380      1        4        130288       0.38   6        0        34336       21714.67    0.00        21714.67   
  56       2821561      1        2        121175       0.36   4        0        34126       30293.75    0.00        30293.75   
  57       2003657      1        18       98063        0.29   4        0        33914       24515.75    0.00        24515.75   
  58       2828986      1        2        33629        0.10   1        0        33629       33629.00    0.00        33629.00   
  59       2010140      1        7        328008       0.97   78       0        33475       4205.23     0.00        4205.23    
  60       2017552      1        6        912505       2.69   62       0        32629       14717.82    0.00        14717.82   
  61       2816165      1        5        132898       0.39   6        0        32380       22149.67    0.00        22149.67   
  62       2017613      1        9        114887       0.34   4        0        32350       28721.75    0.00        28721.75   
  63       2010143      1        3        241396       0.71   78       0        32296       3094.82     0.00        3094.82    
  64       2018242      1        5        115188       0.34   4        0        31957       28797.00    0.00        28797.00   
  65       2816330      1        2        60133        0.18   2        0        31447       30066.50    0.00        30066.50   
  66       2013414      1        10       53346        0.16   2        0        30665       26673.00    0.00        26673.00   
  67       2806802      1        2        359620       1.06   18       0        30454       19978.89    0.00        19978.89   
  68       2015781      1        2        29988        0.09   1        0        29988       29988.00    0.00        29988.00   
  69       2016858      1        10       110275       0.32   4        0        29346       27568.75    0.00        27568.75   
  70       2809850      1        2        29188        0.09   1        0        29188       29188.00    0.00        29188.00   
  71       2016537      1        2        816421       2.40   58       0        29124       14076.22    0.00        14076.22   
  72       2816526      1        13       109149       0.32   4        0        28955       27287.25    0.00        27287.25   
  73       2812116      1        3        28772        0.08   1        1        28772       28772.00    28772.00    0.00       
  74       2816328      1        5        104562       0.31   4        0        28433       26140.50    0.00        26140.50   
  75       2829848      1        2        28224        0.08   1        0        28224       28224.00    0.00        28224.00   
  76       2018983      1        7        104179       0.31   4        0        28045       26044.75    0.00        26044.75   
  77       2816530      1        2        52377        0.15   2        0        27805       26188.50    0.00        26188.50   
  78       2802990      1        5        39685        0.12   2        0        27743       19842.50    0.00        19842.50   
  79       2807507      1        2        106021       0.31   4        0        27398       26505.25    0.00        26505.25   
  80       2819887      1        2        54551        0.16   2        0        27317       27275.50    0.00        27275.50   
  81       2017903      1        3        88823        0.26   4        0        27217       22205.75    0.00        22205.75   
  82       2008782      1        5        52274        0.15   2        0        27077       26137.00    0.00        26137.00   
  83       2816930      1        4        103724       0.31   4        0        26703       25931.00    0.00        25931.00   
  84       2816931      1        3        102587       0.30   4        0        26645       25646.75    0.00        25646.75   
  85       2009702      1        5        148666       0.44   12       0        25493       12388.83    0.00        12388.83   
  86       2827580      1        7        67647        0.20   3        0        24930       22549.00    0.00        22549.00   
  87       2828190      1        2        89188        0.26   4        0        24812       22297.00    0.00        22297.00   
  88       2825027      1        3        24372        0.07   1        0        24372       24372.00    0.00        24372.00   
  89       2012707      1        5        107292       0.32   5        0        23719       21458.40    0.00        21458.40   
  90       2024909      1        2        23274        0.07   1        0        23274       23274.00    0.00        23274.00   
  91       2828008      1        2        85151        0.25   4        0        23248       21287.75    0.00        21287.75   
  92       2816669      1        4        86259        0.25   4        0        23164       21564.75    0.00        21564.75   
  93       2008120      1        4        244171       0.72   84       0        23134       2906.80     0.00        2906.80    
  94       2810353      1        5        44803        0.13   2        0        22935       22401.50    0.00        22401.50   
  95       2018546      1        6        85054        0.25   4        0        22856       21263.50    0.00        21263.50   
  96       2014701      1        12       141501       0.42   12       0        22627       11791.75    0.00        11791.75   
  97       2823663      1        3        22228        0.07   1        0        22228       22228.00    0.00        22228.00   
  98       2021266      1        2        25163        0.07   2        0        22082       12581.50    0.00        12581.50   
  99       2021248      1        7        25128        0.07   2        0        22056       12564.00    0.00        12564.00   
  100      2820044      1        2        81215        0.24   4        0        21990       20303.75    0.00        20303.75   
  101      2014519      1        7        132398       0.39   7        0        21751       18914.00    0.00        18914.00   
  102      2820197      1        2        84564        0.25   4        0        21738       21141.00    0.00        21141.00   
  103      2816857      1        2        81093        0.24   4        0        21664       20273.25    0.00        20273.25   
  104      2816832      1        2        21610        0.06   1        0        21610       21610.00    0.00        21610.00   
  105      2825721      1        2        21486        0.06   1        0        21486       21486.00    0.00        21486.00   
  106      2021267      1        2        24241        0.07   2        0        21478       12120.50    0.00        12120.50   
  107      2804626      1        9        81562        0.24   4        0        21461       20390.50    0.00        20390.50   
  108      2017694      1        6        20578        0.06   1        0        20578       20578.00    0.00        20578.00   
  109      2816895      1        2        20351        0.06   1        0        20351       20351.00    0.00        20351.00   
  110      2816802      1        2        20194        0.06   1        0        20194       20194.00    0.00        20194.00   
  111      2820592      1        3        19944        0.06   1        0        19944       19944.00    0.00        19944.00   
  112      2814653      1        2        19825        0.06   1        0        19825       19825.00    0.00        19825.00   
  113      2811544      1        1        58816        0.17   6        0        19286       9802.67     0.00        9802.67    
  114      2022543      1        1        94126        0.28   6        0        17640       15687.67    0.00        15687.67   
  115      2803760      1        3        94384        0.28   6        0        16689       15730.67    0.00        15730.67   
  116      2826281      1        2        91447        0.27   6        0        16439       15241.17    0.00        15241.17   
  117      2001330      1        8        232276       0.68   80       0        16419       2903.45     0.00        2903.45    
  118      2810487      1        1        31940        0.09   2        0        16201       15970.00    0.00        15970.00   
  119      2811577      1        2        55427        0.16   6        0        15943       9237.83     0.00        9237.83    
  120      2018375      1        3        26235        0.08   2        0        15731       13117.50    0.00        13117.50   
  121      2023623      1        3        164029       0.48   58       0        15589       2828.09     0.00        2828.09    
  122      2804586      1        2        21120        0.06   3        0        15182       7040.00     0.00        7040.00    
  123      2014702      1        9        102639       0.30   12       0        15050       8553.25     0.00        8553.25    
  124      2022914      1        1        35046        0.10   3        0        14953       11682.00    0.00        11682.00   
  125      2014703      1        9        1

This file has been truncated in this view.


suricata-4.0.0-etpro-all-alert-2019-05-23-T-07-20-06-05232019.0719-53dee84a-41a1-4ec0-86eb-23909a800af1_1.pcap.txt - (435 bytes)
04/04/2019-17:10:30.427681  [**] [1:2812116:3] ETPRO POLICY External IP Address/Location Disclosure - geoplugin.net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.134:50306 -> 178.237.33.50:80
04/04/2019-17:10:31.974325  [**] [1:2019622:2] ET MALWARE Win32/DealPly Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.134:50330 -> 54.210.222.249:80
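The two alerts above are in Suricata's fast.log format, which is meant for humans and has no field delimiters beyond its fixed layout. The following Python is an added example, not part of this report or of Suricata: it parses that layout into fields, orders the alerts for triage, and pulls out the non-private destinations for IOC lookups. The two TCP lines are copied from the alert file above; the ICMP line is constructed to show an alert without ports and is not from the capture. The category labels and the sort order are the example's own choices.

```python
import ipaddress
import re
from datetime import datetime

# The two alert lines from the fast.log above, plus one constructed ICMP line
# (not from the capture) to exercise an alert that carries no ports.
SAMPLE_FAST_LOG = [
    "04/04/2019-17:10:30.427681  [**] [1:2812116:3] ETPRO POLICY External IP Address/Location Disclosure - geoplugin.net [**] [Classification: Potential Corporate Privacy Violation] [Priority: 1] {TCP} 192.168.100.134:50306 -> 178.237.33.50:80",
    "04/04/2019-17:10:31.974325  [**] [1:2019622:2] ET MALWARE Win32/DealPly Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.134:50330 -> 54.210.222.249:80",
    "04/04/2019-17:10:32.000000  [**] [1:2100366:8] GPL ICMP_INFO PING *NIX [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.168.100.134 -> 192.168.100.2",  # constructed
]

# One alert per line:
#   <ts> [**] [gid:sid:rev] <msg> [**] [Classification: ...] [Priority: N] {PROTO} SRC[:PORT] -> DST[:PORT]
# Ports are optional because ICMP alerts carry none. Endpoints are matched as
# IPv4; IPv6 addresses also contain colons and would need a different pattern.
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\[Classification:\s*(?P<classification>[^\]]*)\]\s+\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>[\d.]+)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)


def parse_fast_log(line):
    """Return one alert as a dict, or None for a line that is not an alert."""
    m = FAST_LOG_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    a["ts"] = datetime.strptime(a["ts"], "%m/%d/%Y-%H:%M:%S.%f")
    for k in ("gid", "sid", "rev", "priority"):
        a[k] = int(a[k])
    for k in ("sport", "dport"):
        a[k] = int(a[k]) if a[k] is not None else None
    # ET/ETPRO rule names begin with the ruleset tag followed by the category
    # (MALWARE, POLICY, ...); rules from other sets get None.
    words = a["msg"].split()
    a["category"] = words[1] if len(words) > 1 and words[0] in ("ET", "ETPRO") else None
    return a


def triage(lines):
    """Parse every line, drop what does not parse, and order by priority
    (1 = highest), MALWARE before other categories at equal priority, then time."""
    alerts = [a for a in map(parse_fast_log, lines) if a]
    alerts.sort(key=lambda a: (a["priority"], a["category"] != "MALWARE", a["ts"]))
    return alerts


def external_destinations(alerts):
    """Sorted (dst, dport, sid) triples for non-private destinations: the
    pivot points for threat-intel lookups or firewall blocks."""
    return sorted({(a["dst"], a["dport"], a["sid"]) for a in alerts
                   if not ipaddress.ip_address(a["dst"]).is_private})
```

Run against the sample, `triage` puts the DealPly check-in first even though both TCP alerts share priority 1, and `external_destinations` returns the two public hosts to enrich; the private ICMP peer is dropped.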


packet_stats.log - (14817 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           189          2611773      134072166      93354968         17.6b   83.42
 IPv4      17            78          8392054      136385705      41446381          3.2b   15.28
 IPv6      17            12          8995686       41689722      22833929        274.0m    1.30
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           189            67804        7189992        401573         75.9m   68.77
TMM_FLOWWORKER              IPv4      17            78           119894       12264717        394667         30.8m   27.89
TMM_RECEIVEPCAPFILE         IPv4       6           186             2546           4007          2906        540.7k    0.49
TMM_RECEIVEPCAPFILE         IPv4      17            78             2551           7705          2946        229.9k    0.21
TMM_DECODEPCAPFILE          IPv4       6           186             2656          24327          2988        555.8k    0.50
TMM_DECODEPCAPFILE          IPv4      17            78             2687          25409          3092        241.2k    0.22
TMM_FLOWWORKER              IPv6      17            12           113614         350102        169862          2.0m    1.85
TMM_RECEIVEPCAPFILE         IPv6      17            12             2619           3107          2828         33.9k    0.03
TMM_DECODEPCAPFILE          IPv6      17            12             2717          18004          4064         48.8k    0.04

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           186             2844          24446          3370        626.8k  0.69  
flow                    IPv4      17            78             2676          34902          4368        340.8k  0.38  
stream                  IPv4       6           189             2711         799748         18934          3.6m  3.95  
app-layer               IPv4      17            78             2538          52759          6390        498.5k  0.55  
detect                  IPv4       6           189            45161        7149063        350731         66.3m  73.25 
detect                  IPv4      17            78           103809         811667        210978         16.5m  18.19 
tcp-prune               IPv4       6           189             2563         202022          4229        799.4k  0.88  
flow                    IPv6      17            12             2876          14560          5969         71.6k  0.08  
app-layer               IPv6      17            12             2560          11200          5470         65.6k  0.07  
detect                  IPv6      17            12            97087         314973        147033          1.8m  1.95  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             9             2838          40179         12365        111.3k  54.34 
http                    IPv4      17             1             3569           3569          3569          3.6k  1.74  
dns                     IPv4      17            12             4194          22703          7494         89.9k  43.92 
Proto detect            IPv4      17            19             2769          26442          7515        142.8k
Proto detect            IPv6      17             5             3213           5340          3717         18.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6             2            38922          78603         58762        117.5k  0.84  
LOGGER_UNIFIED2             IPv4       6             2            35953         106417         71185        142.4k  1.01  
LOGGER_JSON_ALERT           IPv4       6             2            71988          80016         76002        152.0k  1.08  
LOGGER_JSON_DNS             IPv4      17            12            43421       11740118       1042818         12.5m  88.94 
LOGGER_JSON_HTTP            IPv4       6             6            38693         128482         70842        425.1k  3.02  
LOGGER_JSON_FILE            IPv4       6             9            45966         141628         79861        718.8k  5.11  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6           109             2593         600568         29460         3.2m  15.46 
payload                           IPv4      17            78             3194         126201         17130         1.3m  6.43  
stream                            IPv4       6           109             2548         889893         51802         5.6m  27.18 
http_uri                          IPv4       6             6             3767          19811          9020        54.1k  0.26  
http_request_line                 IPv4       6             6             4421           8277          6018        36.1k  0.17  
http_client_body                  IPv4       6             6             2910         106617         33460       200.8k  0.97  
http_header (request)             IPv4       6             6            32997          60024         46789       280.7k  1.35  
http_header (request trailer)     IPv4       6             6             2632          16405          5000        30.0k  0.14  
http_header_names (request)       IPv4       6             6             7309          20710         13713        82.3k  0.40  
http_accept (request)             IPv4       6             6             3146           5513          3897        23.4k  0.11  
http_referer (request)            IPv4       6             6             2984           3990          3311        19.9k  0.10  
http_content_len (request)        IPv4       6             6             2925           7447          4391        26.3k  0.13  
http_content_type (request)       IPv4       6             6             3006          21379          6286        37.7k  0.18  
http_protocol (request)           IPv4       6             6             3504           6125          4703        28.2k  0.14  
http_start (request)              IPv4       6             6             9651          16415         13442        80.7k  0.39  
http_raw_header (request)         IPv4       6             6             9527          14548         11714        70.3k  0.34  
http_method                       IPv4       6             6             4896           7511          6340        38.0k  0.18  
http_cookie (request)             IPv4       6             6             2894           4211          3412        20.5k  0.10  
http_raw_uri                      IPv4       6             6             2927           5321          3858        23.1k  0.11  
http_user_agent                   IPv4       6             6             3230          29965         13817        82.9k  0.40  
http_host                         IPv4       6             6             6164          11386          9291        55.7k  0.27  
dns_query                         IPv4      17             6             9355          29890         16670       100.0k  0.48  
http_response_line                IPv4       6             6             4949           8614          6438        38.6k  0.19  
http_header (response)            IPv4       6             6            23521          65431         41290       247.7k  1.19  
http_header (response trailer)    IPv4       6             6             2582           3708          2871        17.2k  0.08  
http_content_type (response)      IPv4       6             6             4921          23987         10766        64.6k  0.31  
http_raw_header (response)        IPv4       6            86             5507          44213          7356       632.6k  3.05  
http_cookie (response)            IPv4       6             6             3015           3440          3138        18.8k  0.09  
http_stat_code                    IPv4       6             6             3234           4676          3979        23.9k  0.11  
file_data (http response)         IPv4       6            80             2581        1585012        100312         8.0m  38.63 
Total                             IPv4                   612                                         33583        20.6m
payload                           IPv6      17            12             3345         109607         18299       219.6k  1.06  
Total                             IPv6                    12                                         18299       219.6k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6            12             9905          71511         34589        415.1k  0.35  
PROF_DETECT_IPONLY          IPv4      17            20            37621          95202         53657          1.1m  0.92  
PROF_DETECT_RULES           IPv4       6           189             2570        5992678        166556         31.5m  26.92 
PROF_DETECT_RULES           IPv4      17            78            44896         600073        114304          8.9m  7.62  
PROF_DETECT_STATEFUL_START    IPv4       6            94             5130        1415145        157906         14.8m  12.69 
PROF_DETECT_STATEFUL_CONT    IPv4       6           189             2529          40444          9765          1.8m  1.58  
PROF_DETECT_STATEFUL_CONT    IPv4      17            78             2516          45848          3899        304.2k  0.26  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           165             2566          31522          3155        520.6k  0.45  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17            12             2657           4003          2921         35.1k  0.03  
PROF_DETECT_PREFILTER       IPv4       6           189             7920        1794566        129211         24.4m  20.88 
PROF_DETECT_PREFILTER       IPv4      17            78            24230         163286         42614          3.3m  2.84  
PROF_DETECT_PF_PAYLOAD      IPv4       6           109            13621         922892         89336          9.7m  8.33  
PROF_DETECT_PF_PAYLOAD      IPv4      17            78             8456         131591         22407          1.7m  1.49  
PROF_DETECT_PF_TX           IPv4       6           165             2579        1600183         70933         11.7m  10.01 
PROF_DETECT_PF_TX           IPv4      17             6            16024          35689         22511        135.1k  0.12  
PROF_DETECT_PF_SORT1        IPv4       6            70             2545          20648          3732        261.3k  0.22  
PROF_DETECT_PF_SORT1        IPv4      17            78             2667           7306          3526        275.0k  0.24  
PROF_DETECT_PF_SORT2        IPv4       6           189             2544          15732          3021        571.1k  0.49  
PROF_DETECT_PF_SORT2        IPv4      17            78             2559          31634          3215        250.8k  0.21  
PROF_DETECT_NONMPMLIST      IPv4       6           189             2556          20274          3057        577.8k  0.49  
PROF_DETECT_NONMPMLIST      IPv4      17            78             2532           4979          2880        224.7k  0.19  
PROF_DETECT_ALERT           IPv4       6           189             2526          16229          2795        528.3k  0.45  
PROF_DETECT_ALERT           IPv4      17            78             2535           3852          2635        205.6k  0.18  
PROF_DETECT_CLEANUP         IPv4       6           189             2582          17020          3083        582.7k  0.50  
PROF_DETECT_CLEANUP         IPv4      17            78             2529           5632          2832        221.0k  0.19  
PROF_DETECT_GETSGH          IPv4       6           189             2529          15315          3021        571.1k  0.49  
PROF_DETECT_GETSGH          IPv4      17            78             2536          46930          4428        345.4k  0.30  
PROF_DETECT_IPONLY          IPv6      17             5             3347          11567          6377         31.9k  0.03  
PROF_DETECT_RULES           IPv6      17            12            33943         116453         62265        747.2k  0.64  
PROF_DETECT_STATEFUL_CONT    IPv6      17            12             2523           3465          2760         33.1k  0.03  
PROF_DETECT_PREFILTER       IPv6      17            12            24120         142894         42365        508.4k  0.43  
PROF_DETECT_PF_PAYLOAD      IPv6      17            12             8416         115019         23445        281.3k  0.24  
PROF_DETECT_PF_SORT1        IPv6      17            12             2637           4022          3255         39.1k  0.03  
PROF_DETECT_PF_SORT2        IPv6      17            12             2555           3910          2914         35.0k  0.03  
PROF_DETECT_NONMPMLIST      IPv6      17            12             2533           3391          2812         33.8k  0.03  
PROF_DETECT_ALERT           IPv6      17            12             2545           4060          2736         32.8k  0.03  
PROF_DETECT_CLEANUP         IPv6      17            12             2536           4175          2849         34.2k  0.03  
PROF_DETECT_GETSGH          IPv6      17            12             2608          16350          5070         60.8k  0.05  


stats.log - (3290 bytes)
------------------------------------------------------------------------------------
Date: 5/23/2019 -- 07:20:06 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 673
decoder.bytes                              | Total                     | 126282
decoder.ipv4                               | Total                     | 264
decoder.ipv6                               | Total                     | 12
decoder.ethernet                           | Total                     | 673
decoder.tcp                                | Total                     | 186
decoder.udp                                | Total                     | 90
decoder.avg_pkt_size                       | Total                     | 187
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 6
flow.udp                                   | Total                     | 19
tcp.sessions                               | Total                     | 6
tcp.syn                                    | Total                     | 6
tcp.synack                                 | Total                     | 6
tcp.rst                                    | Total                     | 6
tcp.overlap                                | Total                     | 3
detect.alert                               | Total                     | 2
detect.mpm_list                            | Total                     | 6
detect.nonmpm_list                         | Total                     | 2
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 7
app_layer.flow.http                        | Total                     | 6
app_layer.tx.http                          | Total                     | 6
app_layer.flow.dns_udp                     | Total                     | 6
app_layer.tx.dns_udp                       | Total                     | 6
app_layer.flow.failed_udp                  | Total                     | 13
flow_mgr.new_pruned                        | Total                     | 10
flow.spare                                 | Total                     | 9999
flow_mgr.flows_checked                     | Total                     | 13
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.flows_timeout                     | Total                     | 10
flow_mgr.flows_removed                     | Total                     | 10
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65523
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078048


eve.json - (15869 bytes)
{"timestamp":"2019-04-04T17:10:29.496297+0000","flow_id":1630057034781353,"pcap_cnt":167,"event_type":"dns","src_ip":"192.168.100.134","src_port":63500,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":18009,"rrname":"hajanac.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-04T17:10:29.519195+0000","flow_id":1630057034781353,"pcap_cnt":168,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":63500,"proto":"UDP","dns":{"type":"answer","id":18009,"rcode":"NOERROR","rrname":"hajanac.com","rrtype":"A","ttl":59,"rdata":"50.17.202.228"}}
{"timestamp":"2019-04-04T17:10:29.519195+0000","flow_id":1630057034781353,"pcap_cnt":168,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":63500,"proto":"UDP","dns":{"type":"answer","id":18009,"rcode":"NOERROR","rrname":"hajanac.com","rrtype":"A","ttl":59,"rdata":"54.243.224.122"}}
{"timestamp":"2019-04-04T17:10:29.519195+0000","flow_id":1630057034781353,"pcap_cnt":168,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":63500,"proto":"UDP","dns":{"type":"answer","id":18009,"rcode":"NOERROR","rrname":"hajanac.com","rrtype":"A","ttl":59,"rdata":"54.225.173.113"}}
{"timestamp":"2019-04-04T17:10:29.856957+0000","flow_id":117721740415869,"pcap_cnt":175,"event_type":"dns","src_ip":"192.168.100.134","src_port":56851,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":593,"rrname":"dphte6lva39p2.cloudfront.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-04T17:10:29.880211+0000","flow_id":117721740415869,"pcap_cnt":176,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":56851,"proto":"UDP","dns":{"type":"answer","id":593,"rcode":"NOERROR","rrname":"dphte6lva39p2.cloudfront.net","rrtype":"A","ttl":59,"rdata":"143.204.194.213"}}
{"timestamp":"2019-04-04T17:10:29.880211+0000","flow_id":117721740415869,"pcap_cnt":176,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":56851,"proto":"UDP","dns":{"type":"answer","id":593,"rcode":"NOERROR","rrname":"dphte6lva39p2.cloudfront.net","rrtype":"A","ttl":59,"rdata":"143.204.194.224"}}
{"timestamp":"2019-04-04T17:10:29.880211+0000","flow_id":117721740415869,"pcap_cnt":176,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":56851,"proto":"UDP","dns":{"type":"answer","id":593,"rcode":"NOERROR","rrname":"dphte6lva39p2.cloudfront.net","rrtype":"A","ttl":59,"rdata":"143.204.194.179"}}
{"timestamp":"2019-04-04T17:10:29.880211+0000","flow_id":117721740415869,"pcap_cnt":176,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":56851,"proto":"UDP","dns":{"type":"answer","id":593,"rcode":"NOERROR","rrname":"dphte6lva39p2.cloudfront.net","rrtype":"A","ttl":59,"rdata":"143.204.194.210"}}
{"timestamp":"2019-04-04T17:10:29.990004+0000","flow_id":1889468764517649,"pcap_cnt":182,"event_type":"http","src_ip":"192.168.100.134","src_port":50296,"dest_ip":"50.17.202.228","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"hajanac.com","url":"\/","http_content_type":"text\/html"}}
{"timestamp":"2019-04-04T17:10:29.990004+0000","flow_id":1889468764517649,"pcap_cnt":182,"event_type":"fileinfo","src_ip":"192.168.100.134","src_port":50296,"dest_ip":"50.17.202.228","dest_port":80,"proto":"TCP","http":{"hostname":"hajanac.com","url":"\/","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":302,"redirect":"http:\/\/dphte6lva39p2.cloudfront.net","length":1},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":684,"tx_id":0}}
{"timestamp":"2019-04-04T17:10:30.011448+0000","flow_id":1889468764517649,"pcap_cnt":232,"event_type":"fileinfo","src_ip":"50.17.202.228","src_port":80,"dest_ip":"192.168.100.134","dest_port":50296,"proto":"TCP","http":{"hostname":"hajanac.com","url":"\/","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":302,"redirect":"http:\/\/dphte6lva39p2.cloudfront.net","length":1},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":1,"tx_id":0}}
{"timestamp":"2019-04-04T17:10:30.041021+0000","flow_id":2140019976664243,"pcap_cnt":315,"event_type":"http","src_ip":"192.168.100.134","src_port":50302,"dest_ip":"143.204.194.213","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dphte6lva39p2.cloudfront.net","url":"\/","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-04-04T17:10:30.090711+0000","flow_id":271440767509079,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.100.134","src_port":56436,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56177,"rrname":"www.geoplugin.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-04T17:10:30.096288+0000","flow_id":271440767509079,"pcap_cnt":317,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":56436,"proto":"UDP","dns":{"type":"answer","id":56177,"rcode":"NOERROR","rrname":"www.geoplugin.net","rrtype":"CNAME","ttl":718,"rdata":"geoplugin.net"}}
{"timestamp":"2019-04-04T17:10:30.096288+0000","flow_id":271440767509079,"pcap_cnt":317,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":56436,"proto":"UDP","dns":{"type":"answer","id":56177,"rcode":"NOERROR","rrname":"geoplugin.net","rrtype":"A","ttl":3239,"rdata":"178.237.33.50"}}
{"timestamp":"2019-04-04T17:10:30.363896+0000","flow_id":652526773243256,"pcap_cnt":324,"event_type":"dns","src_ip":"192.168.100.134","src_port":58459,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":2328,"rrname":"pocxc.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-04T17:10:30.386249+0000","flow_id":652526773243256,"pcap_cnt":325,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":58459,"proto":"UDP","dns":{"type":"answer","id":2328,"rcode":"NOERROR","rrname":"pocxc.com","rrtype":"A","ttl":59,"rdata":"54.214.239.35"}}
{"timestamp":"2019-04-04T17:10:30.386249+0000","flow_id":652526773243256,"pcap_cnt":325,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":58459,"proto":"UDP","dns":{"type":"answer","id":2328,"rcode":"NOERROR","rrname":"pocxc.com","rrtype":"A","ttl":59,"rdata":"54.244.220.171"}}
{"timestamp":"2019-04-04T17:10:30.427681+0000","flow_id":388755651721702,"pcap_cnt":330,"event_type":"alert","src_ip":"192.168.100.134","src_port":50306,"dest_ip":"178.237.33.50","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2812116,"rev":3,"signature":"ETPRO POLICY External IP Address\/Location Disclosure - geoplugin.net","category":"Potential Corporate Privacy Violation","severity":1},"app_proto":"http"}
{"timestamp":"2019-04-04T17:10:30.427681+0000","flow_id":388755651721702,"pcap_cnt":330,"event_type":"http","src_ip":"192.168.100.134","src_port":50306,"dest_ip":"178.237.33.50","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.geoplugin.net","url":"\/json.gp","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"text\/plain"}}
{"timestamp":"2019-04-04T17:10:30.439069+0000","flow_id":388755651721702,"pcap_cnt":331,"event_type":"fileinfo","src_ip":"178.237.33.50","src_port":80,"dest_ip":"192.168.100.134","dest_port":50306,"proto":"TCP","http":{"hostname":"www.geoplugin.net","url":"\/json.gp","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"text\/plain","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":949},"app_proto":"http","fileinfo":{"filename":"\/json.gp","gaps":false,"state":"CLOSED","stored":false,"size":949,"tx_id":0}}
{"timestamp":"2019-04-04T17:10:31.008320+0000","flow_id":1886694215721088,"pcap_cnt":336,"event_type":"dns","src_ip":"192.168.100.134","src_port":59384,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22004,"rrname":"d2jgfhso8djkf1.cloudfront.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-04T17:10:31.067921+0000","flow_id":1097702280980876,"pcap_cnt":337,"event_type":"http","src_ip":"192.168.100.134","src_port":50312,"dest_ip":"54.214.239.35","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"pocxc.com","url":"\/","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"text\/plain"}}
{"timestamp":"2019-04-04T17:10:31.067921+0000","flow_id":1097702280980876,"pcap_cnt":337,"event_type":"fileinfo","src_ip":"192.168.100.134","src_port":50312,"dest_ip":"54.214.239.35","dest_port":80,"proto":"TCP","http":{"hostname":"pocxc.com","url":"\/","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":170},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":347,"tx_id":0}}
{"timestamp":"2019-04-04T17:10:31.090623+0000","flow_id":1097702280980876,"pcap_cnt":338,"event_type":"fileinfo","src_ip":"54.214.239.35","src_port":80,"dest_ip":"192.168.100.134","dest_port":50312,"proto":"TCP","http":{"hostname":"pocxc.com","url":"\/","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"text\/plain","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":170},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":170,"tx_id":0}}
{"timestamp":"2019-04-04T17:10:31.116970+0000","flow_id":1886694215721088,"pcap_cnt":340,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":59384,"proto":"UDP","dns":{"type":"answer","id":22004,"rcode":"NOERROR","rrname":"d2jgfhso8djkf1.cloudfront.net","rrtype":"A","ttl":59,"rdata":"143.204.194.64"}}
{"timestamp":"2019-04-04T17:10:31.116970+0000","flow_id":1886694215721088,"pcap_cnt":340,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":59384,"proto":"UDP","dns":{"type":"answer","id":22004,"rcode":"NOERROR","rrname":"d2jgfhso8djkf1.cloudfront.net","rrtype":"A","ttl":59,"rdata":"143.204.194.225"}}
{"timestamp":"2019-04-04T17:10:31.116970+0000","flow_id":1886694215721088,"pcap_cnt":340,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":59384,"proto":"UDP","dns":{"type":"answer","id":22004,"rcode":"NOERROR","rrname":"d2jgfhso8djkf1.cloudfront.net","rrtype":"A","ttl":59,"rdata":"143.204.194.62"}}
{"timestamp":"2019-04-04T17:10:31.116970+0000","flow_id":1886694215721088,"pcap_cnt":340,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":59384,"proto":"UDP","dns":{"type":"answer","id":22004,"rcode":"NOERROR","rrname":"d2jgfhso8djkf1.cloudfront.net","rrtype":"A","ttl":59,"rdata":"143.204.194.71"}}
{"timestamp":"2019-04-04T17:10:31.463238+0000","flow_id":1336592657010514,"pcap_cnt":350,"event_type":"http","src_ip":"192.168.100.134","src_port":50324,"dest_ip":"143.204.194.64","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"d2jgfhso8djkf1.cloudfront.net","url":"\/qeZmcIC6T7r8.7z","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"application\/octet-stream"}}
{"timestamp":"2019-04-04T17:10:31.478638+0000","flow_id":384765627157934,"pcap_cnt":351,"event_type":"dns","src_ip":"192.168.100.134","src_port":61181,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":43846,"rrname":"pxl-nw-svr-981333793.us-east-1.elb.amazonaws.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-04-04T17:10:31.492828+0000","flow_id":384765627157934,"pcap_cnt":352,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":61181,"proto":"UDP","dns":{"type":"answer","id":43846,"rcode":"NOERROR","rrname":"pxl-nw-svr-981333793.us-east-1.elb.amazonaws.com","rrtype":"A","ttl":38,"rdata":"54.210.222.249"}}
{"timestamp":"2019-04-04T17:10:31.492828+0000","flow_id":384765627157934,"pcap_cnt":352,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.134","dest_port":61181,"proto":"UDP","dns":{"type":"answer","id":43846,"rcode":"NOERROR","rrname":"pxl-nw-svr-981333793.us-east-1.elb.amazonaws.com","rrtype":"A","ttl":38,"rdata":"34.225.106.150"}}
{"timestamp":"2019-04-04T17:10:31.974325+0000","flow_id":2203108751412108,"pcap_cnt":359,"event_type":"alert","src_ip":"192.168.100.134","src_port":50330,"dest_ip":"54.210.222.249","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2019622,"rev":2,"signature":"ET MALWARE Win32\/DealPly Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-04-04T17:10:31.974325+0000","flow_id":2203108751412108,"pcap_cnt":359,"event_type":"http","src_ip":"192.168.100.134","src_port":50330,"dest_ip":"54.210.222.249","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"pxl-nw-svr-981333793.us-east-1.elb.amazonaws.com","url":"\/pxl\/?e=-1&c=113163238","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"image\/gif"}}
{"timestamp":"2019-04-04T17:10:31.974325+0000","flow_id":2203108751412108,"pcap_cnt":359,"event_type":"fileinfo","src_ip":"192.168.100.134","src_port":50330,"dest_ip":"54.210.222.249","dest_port":80,"proto":"TCP","http":{"hostname":"pxl-nw-svr-981333793.us-east-1.elb.amazonaws.com","url":"\/pxl\/?e=-1&c=113163238","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"image\/gif","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":26},"app_proto":"http","fileinfo":{"filename":"\/pxl\/","gaps":false,"state":"CLOSED","stored":false,"size":138,"tx_id":0}}
{"timestamp":"2019-04-04T17:14:15.431134+0000","flow_id":2140019976664243,"event_type":"fileinfo","src_ip":"143.204.194.213","src_port":80,"dest_ip":"192.168.100.134","dest_port":50302,"proto":"TCP","http":{"hostname":"dphte6lva39p2.cloudfront.net","url":"\/","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":79406},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":79406,"tx_id":0}}
{"timestamp":"2019-04-04T17:14:15.431134+0000","flow_id":1336592657010514,"event_type":"fileinfo","src_ip":"143.204.194.64","src_port":80,"dest_ip":"192.168.100.134","dest_port":50324,"proto":"TCP","http":{"hostname":"d2jgfhso8djkf1.cloudfront.net","url":"\/qeZmcIC6T7r8.7z","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"application\/octet-stream","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":1},"app_proto":"http","fileinfo":{"filename":"\/qeZmcIC6T7r8.7z","gaps":false,"state":"CLOSED","stored":false,"size":1,"tx_id":0}}
{"timestamp":"2019-04-04T17:14:15.431134+0000","flow_id":2203108751412108,"event_type":"fileinfo","src_ip":"54.210.222.249","src_port":80,"dest_ip":"192.168.100.134","dest_port":50330,"proto":"TCP","http":{"hostname":"pxl-nw-svr-981333793.us-east-1.elb.amazonaws.com","url":"\/pxl\/?e=-1&c=113163238","http_user_agent":"Mozilla\/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident\/5.0)","http_content_type":"image\/gif","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":26},"app_proto":"http","fileinfo":{"filename":"\/pxl\/","gaps":false,"state":"CLOSED","stored":false,"size":26,"tx_id":0}}


keyword_perf.log - (12470 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/23/2019 -- 07:20:06
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1514185         485             485             22333           3122.00         3122.00         0.00           
  content          7653866         737             460             289237          10385.00        9413.00         11999.00       
  pcre             727850          133             23              33047           5472.00         6251.00         5309.00        
  byte_test        420567          123             79              50047           3419.00         3649.00         3006.00        
  byte_jump        44091           15              15              4308            2939.00         2939.00         0.00           
  isdataat         20349           7               0               3168            2907.00         0.00            2907.00        
  flowbits         14611           4               4               5298            3652.00         3652.00         0.00           
  urilen           293651          92              17              15112           3191.00         2852.00         3268.00        
  byte_extract     9132            2               2               4670            4566.00         4566.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1514185         485             485             22333           3122.00         3122.00         0.00           
  flowbits         14611           4               4               5298            3652.00         3652.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          625260          170             107             16792           3678.00         3535.00         3919.00        
  pcre             65284           4               1               33047           16321.00        10423.00        18287.00       
  byte_test        420567          123             79              50047           3419.00         3649.00         3006.00        
  byte_jump        44091           15              15              4308            2939.00         2939.00         0.00           
  isdataat         17181           6               0               2963            2863.00         0.00            2863.00        
  byte_extract     9132            2               2               4670            4566.00         4566.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          220962          50              19              55749           4419.00         3504.00         4979.00        
  pcre             217103          34              2               17089           6385.00         3891.00         6541.00        
  isdataat         3168            1               0               3168            3168.00         0.00            3168.00        
  urilen           293651          92              17              15112           3191.00         2852.00         3268.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21448           4               2               7563            5362.00         5223.00         5500.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14770           5               0               3104            2954.00         0.00            2954.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5249669         112             42              289237          46872.00        65135.00        35914.00       
  pcre             178435          52              0               14597           3431.00         0.00            3431.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1106639         289             204             46804           3829.00         3899.00         3660.00        
  pcre             193223          29              12              20540           6662.00         6736.00         6611.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          87059           25              24              4778            3482.00         3511.00         2790.00        
  pcre             29059           6               0               10020           4843.00         0.00            4843.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          8145            2               2               4319            4072.00         4072.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          21339           6               4               4308            3556.00         3605.00         3458.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          277990          68              52              23408           4088.00         4296.00         3412.00        
  pcre             44746           8               8               12028           5593.00         5593.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4014            1               1               4014            4014.00         4014.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16571           5               3               4039            3314.00         3106.00         3626.00        


IDSDeathBlossom.py.log - (1178 bytes)
2019-05-23 07:19:43,981 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-23 07:19:44,695 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-23 07:19:44,695 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-23 07:19:44,696 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-23 07:19:44,696 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-23 07:19:44,696 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/3f6b639cd965593142ca9e7cca9cef0b56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05232019.0719-53dee84a-41a1-4ec0-86eb-23909a800af1_1.pcap -vvv -k none
2019-05-23 07:20:06,330 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-23 07:20:06,331 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.3618710041


unified2.alert.1558596004 - (812 bytes)
4\¦:††¡*èÔ!À¨d†²í!2ĂPß\¦:†\¦:††¡ÃEµÀõÀ¨d†²í!2ĂPP¨‚GET /json.gp HTTP/1.1
Accept: */*
Host: www.geoplugin.net
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)

4\¦:‡ÝõÑ&À¨d†6ÒÞùĚPÅ\¦:‡\¦:‡Ýõ©E›~cÀ¨d†6ÒÞùĚPP¿ÑPOST /pxl/?e=-1&c=113163238 HTTP/1.1
Accept: */*
Host: pxl-nw-svr-981333793.us-east-1.elb.amazonaws.com
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/5.0)
Content-Length: 138
Cache-Control: no-cache

1R1F1Q1Pzu0H0D0RtBtN1TzutN1Czu0ItN2Y1L1QzuyDtByDyEtDtDyE0AtDyE0A0FtAyCyEyBtN1FzuyCtFtCtN1Izu0E1G1N1I1L1B1MtN1GzutDtN2XzutDtDtCtBtN1MzutGtA