Filename: d4f2a910-3f10-4118-9ac8-4a9d7ca2d4b9.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 28.1145150661 seconds
Hash: 4b9ddf0f0fe9b56f2186e33aa0345561
Uploaded: 1568818255

Logfiles


suricata-4.0.0-etpro-all-alert-2019-09-18-T-14-51-23-09182019.1450-d4f2a910-3f10-4118-9ac8-4a9d7ca2d4b9.pcap.txt - (1875 bytes)
09/18/2019-14:47:53.561352  [**] [1:2404314:4989] ET CNC Feodo Tracker Reported CnC Server group 15 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.129:49274 -> 37.187.4.178:80
09/18/2019-14:47:57.221158  [**] [1:2827580:7] ETPRO TROJAN W32/Emotet.v4 Checkin 2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.129:49274 -> 37.187.4.178:80
09/18/2019-14:47:57.221158  [**] [1:2828008:2] ETPRO TROJAN W32/Emotet.v4 Checkin 3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.129:49274 -> 37.187.4.178:80
09/18/2019-14:47:57.221158  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.100.129:49274 -> 37.187.4.178:80
09/18/2019-14:48:27.197394  [**] [1:2404309:4989] ET CNC Feodo Tracker Reported CnC Server group 10 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.129:49783 -> 193.169.54.12:8080
09/18/2019-14:48:44.820786  [**] [1:2827279:5] ETPRO TROJAN W32/Emotet.v4 Checkin [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.129:49783 -> 193.169.54.12:8080
09/18/2019-14:48:44.820786  [**] [1:2827580:7] ETPRO TROJAN W32/Emotet.v4 Checkin 2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.129:49783 -> 193.169.54.12:8080
09/18/2019-14:48:44.820786  [**] [1:2828008:2] ETPRO TROJAN W32/Emotet.v4 Checkin 3 [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 192.168.100.129:49783 -> 193.169.54.12:8080
09/18/2019-14:48:44.820786  [**] [1:2018358:7] ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1 [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.100.129:49783 -> 193.169.54.12:8080


suricata-report-2019-09-18-T-14-51-23-09182019.1450-d4f2a910-3f10-4118-9ac8-4a9d7ca2d4b9.pcap.txt - (17707 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4b9ddf0f0fe9b56f2186e33aa034556156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09182019.1450-d4f2a910-3f10-4118-9ac8-4a9d7ca2d4b9.pcap -vvv -k none
elapsedtime:26.978684
stderr:
stdout:
18/9/2019 -- 14:50:56 - <Info> - Configuration node 'rule-files' redefined.
18/9/2019 -- 14:50:56 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/9/2019 -- 14:50:56 - <Info> - CPUs/cores online: 1
18/9/2019 -- 14:50:56 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 34394 and 'request-body-inspect-window' set to 16731 after randomization.
18/9/2019 -- 14:50:56 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31739 and 'response-body-inspect-window' set to 16096 after randomization.
18/9/2019 -- 14:50:56 - <Config> - DNS request flood protection level: 500
18/9/2019 -- 14:50:56 - <Config> - DNS per flow memcap (state-memcap): 524288
18/9/2019 -- 14:50:56 - <Config> - DNS global memcap: 16777216
18/9/2019 -- 14:50:56 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/9/2019 -- 14:50:56 - <Config> - preallocated 1000 hosts of size 136
18/9/2019 -- 14:50:56 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/9/2019 -- 14:50:56 - <Config> - using magic-file /usr/share/file/magic
18/9/2019 -- 14:50:56 - <Config> - Core dump size is unlimited.
18/9/2019 -- 14:50:56 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/9/2019 -- 14:50:56 - <Config> - preallocated 1000 defrag trackers of size 168
18/9/2019 -- 14:50:56 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/9/2019 -- 14:50:56 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/9/2019 -- 14:50:56 - <Config> - stream "memcap": 33554432
18/9/2019 -- 14:50:56 - <Config> - stream "midstream" session pickups: disabled
18/9/2019 -- 14:50:56 - <Config> - stream "async-oneside": disabled
18/9/2019 -- 14:50:56 - <Config> - stream "checksum-validation": disabled
18/9/2019 -- 14:50:56 - <Config> - stream."inline": disabled
18/9/2019 -- 14:50:56 - <Config> - stream "bypass": disabled
18/9/2019 -- 14:50:56 - <Config> - stream "max-synack-queued": 5
18/9/2019 -- 14:50:56 - <Config> - stream.reassembly "memcap": 134217728
18/9/2019 -- 14:50:56 - <Config> - stream.reassembly "depth": 0
18/9/2019 -- 14:50:56 - <Config> - stream.reassembly "toserver-chunk-size": 2605
18/9/2019 -- 14:50:56 - <Config> - stream.reassembly "toclient-chunk-size": 2439
18/9/2019 -- 14:50:56 - <Config> - stream.reassembly.raw: enabled
18/9/2019 -- 14:50:56 - <Config> - stream.reassembly "segment-prealloc": 2048
18/9/2019 -- 14:50:56 - <Config> - Delayed detect disabled
18/9/2019 -- 14:50:56 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/9/2019 -- 14:50:56 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/9/2019 -- 14:50:56 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/9/2019 -- 14:50:56 - <Config> - prefilter engines: MPM
18/9/2019 -- 14:50:56 - <Config> - IP reputation disabled
18/9/2019 -- 14:50:56 - <Perf> - Registered 148 keyword profiling counters.
18/9/2019 -- 14:50:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
18/9/2019 -- 14:50:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
18/9/2019 -- 14:50:56 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
18/9/2019 -- 14:51:02 - <Config> - No rules loaded from ET-icmp.rules.
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
18/9/2019 -- 14:51:02 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
18/9/2019 -- 14:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
18/9/2019 -- 14:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
18/9/2019 -- 14:51:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
18/9/2019 -- 14:51:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
18/9/2019 -- 14:51:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
18/9/2019 -- 14:51:06 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
18/9/2019 -- 14:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
18/9/2019 -- 14:51:08 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
18/9/2019 -- 14:51:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
18/9/2019 -- 14:51:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
18/9/2019 -- 14:51:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
18/9/2019 -- 14:51:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
18/9/2019 -- 14:51:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
18/9/2019 -- 14:51:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
18/9/2019 -- 14:51:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
18/9/2019 -- 14:51:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
18/9/2019 -- 14:51:11 - <Config> - No rules loaded from local.rules.
18/9/2019 -- 14:51:11 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
18/9/2019 -- 14:51:11 - <Info> - Threshold config parsed: 0 rule(s) found
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for tcp-packet
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for tcp-stream
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for udp-packet
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for other-ip
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_uri
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_request_line
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_client_body
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_response_line
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_header
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_header
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_header_names
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_header_names
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_accept
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_accept_enc
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_accept_lang
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_referer
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_connection
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_content_len
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_content_len
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_content_type
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_content_type
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_protocol
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_protocol
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_start
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_start
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_raw_header
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_raw_header
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_method
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_cookie
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_cookie
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_raw_uri
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_user_agent
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_host
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_raw_host
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_stat_msg
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_stat_code
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for dns_query
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for tls_sni
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for dce_stub_data
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for dce_stub_data
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for ssh_protocol
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for ssh_protocol
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for ssh_software
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for ssh_software
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for file_data
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for file_data
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_request_line
18/9/2019 -- 14:51:11 - <Perf> - using shared mpm ctx' for http_response_line
18/9/2019 -- 14:51:12 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
18/9/2019 -- 14:51:12 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/9/2019 -- 14:51:12 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
18/9/2019 -- 14:51:12 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
18/9/2019 -- 14:51:12 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
18/9/2019 -- 14:51:12 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
18/9/2019 -- 14:51:12 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
18/9/2019 -- 14:51:12 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/9/2019 -- 14:51:18 - <Perf> - Unique rule groups: 104
18/9/2019 -- 14:51:18 - <Perf> - Builtin MPM "toserver TCP packet": 35
18/9/2019 -- 14:51:18 - <Perf> - Builtin MPM "toclient TCP packet": 17
18/9/2019 -- 14:51:18 - <Perf> - Builtin MPM "toserver TCP stream": 33
18/9/2019 -- 14:51:18 - <Perf> - Builtin MPM "toclient TCP stream": 19
18/9/2019 -- 14:51:18 - <Perf> - Builtin MPM "toserver UDP packet": 27
18/9/2019 -- 14:51:18 - <Perf> - Builtin MPM "toclient UDP packet": 17
18/9/2019 -- 14:51:18 - <Perf> - Builtin MPM "other IP packet": 3
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_uri": 14
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_header": 10
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient http_header": 6
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_header_names": 2
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_protocol": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_start": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_method": 5
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver http_host": 2
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver tls_sni": 2
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toserver file_data": 1
18/9/2019 -- 14:51:18 - <Perf> - AppLayer MPM "toclient file_data": 7
18/9/2019 -- 14:51:21 - <Perf> - Registered 39590 rule profiling counters.
18/9/2019 -- 14:51:21 - <Info> - fast output device (regular) initialized: alert
18/9/2019 -- 14:51:21 - <Info> - eve-log output device (regular) initialized: eve.json
18/9/2019 -- 14:51:21 - <Config> - enabling 'eve-log' module 'alert'
18/9/2019 -- 14:51:21 - <Config> - enabling 'eve-log' module 'http'
18/9/2019 -- 14:51:21 - <Config> - enabling 'eve-log' module 'dns'
18/9/2019 -- 14:51:21 - <Config> - enabling 'eve-log' module 'tls'
18/9/2019 -- 14:51:21 - <Config> - enabling 'eve-log' module 'files'
18/9/2019 -- 14:51:21 - <Config> - enabling 'eve-log' module 'ssh'
18/9/2019 -- 14:51:21 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/9/2019 -- 14:51:21 - <Info> - stats output device (regular) initialized: stats.log
18/9/2019 -- 14:51:21 - <Config> - AutoFP mode using "Hash" flow load balancer
18/9/2019 -- 14:51:21 - <Info> - reading pcap file /var/pcap/09182019.1450-d4f2a910-3f10-4118-9ac8-4a9d7ca2d4b9.pcap
18/9/2019 -- 14:51:21 - <Config> - us

This file has been truncated.


packet_stats.log - (14062 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            20           358436       73132878      45144433        902.9m   26.90
 IPv4      17            54          4450928       76835498      39060646          2.1b   62.84
 IPv6      17            12          5268816       74755842      28721841        344.7m   10.27
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            20           118288       24982506       2196312         43.9m   59.79
TMM_FLOWWORKER              IPv4      17            54           209006        1296328        442699         23.9m   32.54
TMM_RECEIVEPCAPFILE         IPv4       6            16             4448          20434          5690         91.0k    0.12
TMM_RECEIVEPCAPFILE         IPv4      17            54             4444           8524          5012        270.7k    0.37
TMM_DECODEPCAPFILE          IPv4       6            16             4574          19414          5867         93.9k    0.13
TMM_DECODEPCAPFILE          IPv4      17            54             4590          82100          7292        393.8k    0.54
TMM_FLOWWORKER              IPv6      17            12           189602         738490        386044          4.6m    6.31
TMM_RECEIVEPCAPFILE         IPv6      17            12             4432           7246          5153         61.8k    0.08
TMM_DECODEPCAPFILE          IPv6      17            12             4664          31198          7390         88.7k    0.12

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            16             4786           9412          6137         98.2k  0.15  
flow                    IPv4      17            54             4744          45658          7179        387.7k  0.59  
stream                  IPv4       6            20             5384         677598         66222          1.3m  2.01  
app-layer               IPv4      17            54             4434          58398          7381        398.6k  0.60  
detect                  IPv4       6            20            77686       24202128       1860710         37.2m  56.46 
detect                  IPv4      17            54           180694        1266594        406886         22.0m  33.33 
tcp-prune               IPv4       6            20             4472          12554          6004        120.1k  0.18  
flow                    IPv6      17            12             4814          22146          8853        106.2k  0.16  
app-layer               IPv6      17            12             4484          19032          9837        118.1k  0.18  
detect                  IPv6      17            12           161330         709748        348002          4.2m  6.34  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3             8952          76350         32994         99.0k  100.00
Proto detect            IPv4       6             1            11622          11622         11622         11.6k
Proto detect            IPv4      17             7             4648          44378         11316         79.2k
Proto detect            IPv6      17             5             5424           9404          6984         34.9k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             4           110326        1165174        424278          1.7m  38.12 
LOGGER_UNIFIED2             IPv4       6             4            49396         617994        223781        895.1k  20.10 
LOGGER_JSON_ALERT           IPv4       6             4            88568         832190        327715          1.3m  29.44 
LOGGER_JSON_HTTP            IPv4       6             2            75724         144194        109959        219.9k  4.94  
LOGGER_JSON_FILE            IPv4       6             3            89342         123560        109766        329.3k  7.40  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             7             4724         223996         71475       500.3k  11.46 
payload                           IPv4      17            54             5392         393588         34217         1.8m  42.33 
stream                            IPv4       6             7             4482         374050        112747       789.2k  18.08 
http_uri                          IPv4       6             2             7180          16034         11607        23.2k  0.53  
http_request_line                 IPv4       6             2            10574          10788         10681        21.4k  0.49  
http_client_body                  IPv4       6             2            46190          75708         60949       121.9k  2.79  
http_header (request)             IPv4       6             2           111020         117700        114360       228.7k  5.24  
http_header (request trailer)     IPv4       6             2             4746           5182          4964         9.9k  0.23  
http_header_names (request)       IPv4       6             2            27400          42574         34987        70.0k  1.60  
http_accept (request)             IPv4       6             2             6566           8822          7694        15.4k  0.35  
http_referer (request)            IPv4       6             2             5208           6832          6020        12.0k  0.28  
http_content_len (request)        IPv4       6             2             7754           8290          8022        16.0k  0.37  
http_content_type (request)       IPv4       6             2             5902           6246          6074        12.1k  0.28  
http_protocol (request)           IPv4       6             2             7418           8250          7834        15.7k  0.36  
http_start (request)              IPv4       6             2            19122          67554         43338        86.7k  1.99  
http_raw_header (request)         IPv4       6             2            19958          32552         26255        52.5k  1.20  
http_method                       IPv4       6             2             8668          11944         10306        20.6k  0.47  
http_cookie (request)             IPv4       6             2             5832           6248          6040        12.1k  0.28  
http_raw_uri                      IPv4       6             2             4940           5428          5184        10.4k  0.24  
http_user_agent                   IPv4       6             2            47146          56194         51670       103.3k  2.37  
http_host                         IPv4       6             2             7528           8898          8213        16.4k  0.38  
http_response_line                IPv4       6             1            10848          10848         10848        10.8k  0.25  
http_header (response)            IPv4       6             1            53222          53222         53222        53.2k  1.22  
http_header (response trailer)    IPv4       6             1             4496           4496          4496         4.5k  0.10  
http_content_type (response)      IPv4       6             1            13022          13022         13022        13.0k  0.30  
http_raw_header (response)        IPv4       6             1            13552          13552         13552        13.6k  0.31  
http_cookie (response)            IPv4       6             1             5606           5606          5606         5.6k  0.13  
http_stat_code                    IPv4       6             1            13708          13708         13708        13.7k  0.31  
Total                             IPv4                   111                                         36938         4.1m
payload                           IPv6      17            12             5592          53096         22049       264.6k  6.06  
Total                             IPv6                    12                                         22049       264.6k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             4            17658         599862        193081        772.3k  0.98  
PROF_DETECT_IPONLY          IPv4      17             7            49148         183176        100141        701.0k  0.89  
PROF_DETECT_RULES           IPv4       6            20             4630       23026936       1543837         30.9m  39.33 
PROF_DETECT_RULES           IPv4      17            54            77378         758372        216079         11.7m  14.86 
PROF_DETECT_STATEFUL_START    IPv4       6             4            13714       10987302       3540138         14.2m  18.04 
PROF_DETECT_STATEFUL_CONT    IPv4       6            20             4676          58956         11055        221.1k  0.28  
PROF_DETECT_STATEFUL_CONT    IPv4      17            54             4402          62878          6104        329.6k  0.42  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6             9             4478           5768          4910         44.2k  0.06  
PROF_DETECT_PREFILTER       IPv4       6            20            13652        1067382        162728          3.3m  4.15  
PROF_DETECT_PREFILTER       IPv4      17            54            41564         482074         84809          4.6m  5.83  
PROF_DETECT_PF_PAYLOAD      IPv4       6             7            44632         393704        200809          1.4m  1.79  
PROF_DETECT_PF_PAYLOAD      IPv4      17            54            14420         403650         44489          2.4m  3.06  
PROF_DETECT_PF_TX           IPv4       6             9             4746         616036        140022          1.3m  1.61  
PROF_DETECT_PF_SORT1        IPv4       6             7             4566          16894          8844         61.9k  0.08  
PROF_DETECT_PF_SORT1        IPv4      17            54             4528           8480          5650        305.1k  0.39  
PROF_DETECT_PF_SORT2        IPv4       6            20             4420          12416          6170        123.4k  0.16  
PROF_DETECT_PF_SORT2        IPv4      17            54             4444           7630          5058        273.1k  0.35  
PROF_DETECT_NONMPMLIST      IPv4       6            20             4476          38692          7588        151.8k  0.19  
PROF_DETECT_NONMPMLIST      IPv4      17            54             4414           8488          5138        277.5k  0.35  
PROF_DETECT_ALERT           IPv4       6            20             4438          67996          9137        182.7k  0.23  
PROF_DETECT_ALERT           IPv4      17            54             4420          24040          5144        277.8k  0.35  
PROF_DETECT_CLEANUP         IPv4       6            20             4486         504798         30831        616.6k  0.79  
PROF_DETECT_CLEANUP         IPv4      17            54             4412          25390          5619        303.5k  0.39  
PROF_DETECT_GETSGH          IPv4       6            20             4514          14260          6517        130.3k  0.17  
PROF_DETECT_GETSGH          IPv4      17            54             4420          46892          6764        365.3k  0.47  
PROF_DETECT_IPONLY          IPv6      17             5             5876          12558          9742         48.7k  0.06  
PROF_DETECT_RULES           IPv6      17            12            59228         475510        140447          1.7m  2.15  
PROF_DETECT_STATEFUL_CONT    IPv6      17            12             4488          19298          6490         77.9k  0.10  
PROF_DETECT_PREFILTER       IPv6      17            12            41742         461268         96711          1.2m  1.48  
PROF_DETECT_PF_PAYLOAD      IPv6      17            12            14456          62256         31353        376.2k  0.48  
PROF_DETECT_PF_SORT1        IPv6      17            12             4562           6596          5428         65.1k  0.08  
PROF_DETECT_PF_SORT2        IPv6      17            12             4448           7654          5171         62.1k  0.08  
PROF_DETECT_NONMPMLIST      IPv6      17            12             4446           5476          4747         57.0k  0.07  
PROF_DETECT_ALERT           IPv6      17            12             4420           6518          4819         57.8k  0.07  
PROF_DETECT_CLEANUP         IPv6      17            12             4430           8572          5258         63.1k  0.08  
PROF_DETECT_GETSGH          IPv6      17            12             4562          26082          9150        109.8k  0.14  


suricata-4.0.0-etpro-all-perf.txt-2019-09-18-T-14-51-23-09182019.1450-d4f2a910-3f10-4118-9ac8-4a9d7ca2d4b9.pcap.txt - (21974 bytes) - download
  --------------------------------------------------------------------------
  Date: 9/18/2019 -- 14:51:23. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2018983      1        7        8541866      24.27  2        0        8493272     4270933.00  0.00        4270933.00 
  2        2020825      1        6        5808914      16.50  4        0        5714970     1452228.50  0.00        1452228.50 
  3        2816940      1        2        607374       1.73   2        0        518994      303687.00   0.00        303687.00  
  4        2828122      1        2        559526       1.59   2        0        513706      279763.00   0.00        279763.00  
  5        2816525      1        10       538596       1.53   2        0        483008      269298.00   0.00        269298.00  
  6        2816924      1        4        523578       1.49   2        0        477992      261789.00   0.00        261789.00  
  7        2023315      1        2        530998       1.51   2        0        475252      265499.00   0.00        265499.00  
  8        2011894      1        19       516414       1.47   2        0        470736      258207.00   0.00        258207.00  
  9        2019693      1        5        520442       1.48   2        0        463864      260221.00   0.00        260221.00  
  10       2013739      1        15       706092       2.01   58       0        432572      12174.00    0.00        12174.00   
  11       2828008      1        2        393132       1.12   2        2        227434      196566.00   196566.00   0.00       
  12       2018452      1        15       285052       0.81   2        0        226780      142526.00   0.00        142526.00  
  13       2827580      1        7        403962       1.15   2        2        212464      201981.00   201981.00   0.00       
  14       2018358      1        7        319494       0.91   2        2        164364      159747.00   159747.00   0.00       
  15       2827279      1        5        251348       0.71   2        1        142168      125674.00   142168.00   109180.00  
  16       2823166      1        3        244908       0.70   2        0        138036      122454.00   0.00        122454.00  
  17       2805348      1        4        1101810      3.13   13       0        135676      84754.62    0.00        84754.62   
  18       2019881      1        3        209542       0.60   2        0        110254      104771.00   0.00        104771.00  
  19       2022339      1        2        183330       0.52   2        0        107530      91665.00    0.00        91665.00   
  20       2816909      1        2        200572       0.57   2        0        105784      100286.00   0.00        100286.00  
  21       2018013      1        3        135284       0.38   2        0        105290      67642.00    0.00        67642.00   
  22       2816910      1        2        186434       0.53   2        0        96528       93217.00    0.00        93217.00   
  23       2024178      1        2        135380       0.38   2        0        89626       67690.00    0.00        67690.00   
  24       2812916      1        6        134206       0.38   2        0        87678       67103.00    0.00        67103.00   
  25       2020470      1        6        202036       0.57   4        0        87216       50509.00    0.00        50509.00   
  26       2020388      1        8        91564        0.26   2        0        85392       45782.00    0.00        45782.00   
  27       2017552      1        6        149552       0.42   3        0        81670       49850.67    0.00        49850.67   
  28       2829848      1        2        81146        0.23   1        0        81146       81146.00    0.00        81146.00   
  29       2820851      1        5        139642       0.40   2        0        80262       69821.00    0.00        69821.00   
  30       2821561      1        2        138890       0.39   2        0        78128       69445.00    0.00        69445.00   
  31       2021069      1        2        77962        0.22   1        1        77962       77962.00    77962.00    0.00       
  32       2018958      1        18       144098       0.41   2        0        76700       72049.00    0.00        72049.00   
  33       2025064      1        5        133880       0.38   2        0        76348       66940.00    0.00        66940.00   
  34       2821615      1        2        122106       0.35   2        0        74904       61053.00    0.00        61053.00   
  35       2017613      1        9        135836       0.39   2        0        74080       67918.00    0.00        67918.00   
  36       2023670      1        3        144844       0.41   2        2        72894       72422.00    72422.00    0.00       
  37       2019344      1        5        119524       0.34   2        0        71240       59762.00    0.00        59762.00   
  38       2016922      1        12       119520       0.34   2        0        69596       59760.00    0.00        59760.00   
  39       2023875      1        2        131584       0.37   2        0        69382       65792.00    0.00        65792.00   
  40       2816165      1        5        124562       0.35   2        0        69194       62281.00    0.00        62281.00   
  41       2815324      1        2        125378       0.36   2        0        68852       62689.00    0.00        62689.00   
  42       2010140      1        7        523256       1.49   58       0        66546       9021.66     0.00        9021.66    
  43       2020369      1        3        71926        0.20   2        0        66364       35963.00    0.00        35963.00   
  44       2018242      1        5        120518       0.34   2        0        65876       60259.00    0.00        60259.00   
  45       2816327      1        4        123028       0.35   2        0        65870       61514.00    0.00        61514.00   
  46       2022197      1        3        65502        0.19   1        0        65502       65502.00    0.00        65502.00   
  47       2024767      1        2        121700       0.35   2        0        65084       60850.00    0.00        60850.00   
  48       2021067      1        2        65076        0.18   1        0        65076       65076.00    0.00        65076.00   
  49       2018032      1        2        94818        0.27   2        0        64210       47409.00    0.00        47409.00   
  50       2828986      1        2        62752        0.18   1        0        62752       62752.00    0.00        62752.00   
  51       2022503      1        2        123652       0.35   2        0        62656       61826.00    0.00        61826.00   
  52       2022220      1        2        118530       0.34   2        0        61286       59265.00    0.00        59265.00   
  53       2023916      1        2        107634       0.31   2        0        60878       53817.00    0.00        53817.00   
  54       2018981      1        4        116312       0.33   2        0        59756       58156.00    0.00        58156.00   
  55       2017934      1        4        90248        0.26   2        0        59578       45124.00    0.00        45124.00   
  56       2828060      1        4        59522        0.17   1        0        59522       59522.00    0.00        59522.00   
  57       2815817      1        5        106918       0.30   2        0        58976       53459.00    0.00        53459.00   
  58       2022199      1        2        58774        0.17   1        0        58774       58774.00    0.00        58774.00   
  59       2820031      1        2        102180       0.29   2        0        56940       51090.00    0.00        51090.00   
  60       2816922      1        5        99214        0.28   2        0        53724       49607.00    0.00        49607.00   
  61       2816526      1        13       98824        0.28   2        0        51676       49412.00    0.00        49412.00   
  62       2816515      1        3        158308       0.45   4        0        51404       39577.00    0.00        39577.00   
  63       2017877      1        3        98806        0.28   2        0        50352       49403.00    0.00        49403.00   
  64       2012612      1        16       95830        0.27   2        0        49928       47915.00    0.00        47915.00   
  65       2024771      1        1        48732        0.14   1        0        48732       48732.00    0.00        48732.00   
  66       2022207      1        4        93758        0.27   2        0        48132       46879.00    0.00        46879.00   
  67       2022262      1        3        94650        0.27   2        0        47328       47325.00    0.00        47325.00   
  68       2018496      1        9        93232        0.26   2        0        47276       46616.00    0.00        46616.00   
  69       2816929      1        4        90568        0.26   2        0        46838       45284.00    0.00        45284.00   
  70       2016858      1        10       92904        0.26   2        0        46770       46452.00    0.00        46452.00   
  71       2816925      1        3        90988        0.26   2        0        46386       45494.00    0.00        45494.00   
  72       2815201      1        2        81782        0.23   2        0        45256       40891.00    0.00        40891.00   
  73       2819673      1        4        89922        0.26   2        0        45142       44961.00    0.00        44961.00   
  74       2816669      1        4        82324        0.23   2        0        45116       41162.00    0.00        41162.00   
  75       2816328      1        5        89702        0.25   2        0        44936       44851.00    0.00        44851.00   
  76       2816928      1        3        88564        0.25   2        0        44622       44282.00    0.00        44282.00   
  77       2816931      1        3        88432        0.25   2        0        44378       44216.00    0.00        44216.00   
  78       2816927      1        3        88206        0.25   2        0        44236       44103.00    0.00        44103.00   
  79       2816930      1        4        87852        0.25   2        0        44062       43926.00    0.00        43926.00   
  80       2804626      1        9        79258        0.23   2        0        42794       39629.00    0.00        39629.00   
  81       2815824      1        2        42240        0.12   1        0        42240       42240.00    0.00        42240.00   
  82       2809682      1        5        76410        0.22   2        0        42194       38205.00    0.00        38205.00   
  83       2809547      1        5        74640        0.21   2        0        41672       37320.00    0.00        37320.00   
  84       2805260      1        4        74656        0.21   2        0        41154       37328.00    0.00        37328.00   
  85       2018639      1        2        68938        0.20   2        0        37906       34469.00    0.00        34469.00   
  86       2022914      1        1        74956        0.21   3        0        37562       24985.33    0.00        24985.33   
  87       2018075      1        3        67940        0.19   2        0        37364       33970.00    0.00        33970.00   
  88       2017548      1        6        68750        0.20   2        0        36932       34375.00    0.00        34375.00   
  89       2826256      1        2        72840        0.21   2        0        36824       36420.00    0.00        36420.00   
  90       2003492      1        30       71716        0.20   2        0        36552       35858.00    0.00        35858.00   
  91       2020380      1        3        71698        0.20   2        0        36436       35849.00    0.00        35849.00   
  92       2016223      1        10       70268        0.20   2        0        36208       35134.00    0.00        35134.00   
  93       2022049      1        3        71260        0.20   2        0        36188       35630.00    0.00        35630.00   
  94       2003657      1        18       71896        0.20   2        0        36074       35948.00    0.00        35948.00   
  95       2014380      1        4        98506        0.28   4        0        35874       24626.50    0.00        24626.50   
  96       2017876      1        3        65482        0.19   2        0        35762       32741.00    0.00        32741.00   
  97       2016537      1        2        35576        0.10   1        0        35576       35576.00    0.00        35576.00   
  98       2021716      1        1        64566        0.18   2        0        35256       32283.00    0.00        32283.00   
  99       2020705      1        4        69848        0.20   2        0        35176       34924.00    0.00        34924.00   
  100      2018010      1        5        69492        0.20   2        0        34940       34746.00    0.00        34746.00   
  101      2021753      1        3        62526        0.18   2        0        31956       31263.00    0.00        31263.00   
  102      2802876      1        3        31650        0.09   1        0        31650       31650.00    0.00        31650.00   
  103      2024513      1        5        29134        0.08   1        0        29134       29134.00    0.00        29134.00   
  104      2013382      1        3        55038        0.16   2        0        28330       27519.00    0.00        27519.00   
  105      2816395      1        3        25750        0.07   1        0        25750       25750.00    0.00        25750.00   
  106      2823937      1        13       24750        0.07   1        0        24750       24750.00    0.00        24750.00   
  107      2816932      1        2        24636        0.07   1        0        24636       24636.00    0.00        24636.00   
  108      2819934      1        2        24584        0.07   1        0        24584       24584.00    0.00        24584.00   
  109      2815823      1        2        24404        0.07   1        0        24404       24404.00    0.00        24404.00   
  110      2810793      1        5        27698        0.08   2        0        22688       13849.00    0.00        13849.00   
  111      2019011      1        3        106554       0.30   17       0        22268       6267.88     0.00        6267.88    
  112      2010143      1        3        335160       0.95   58       0        22034       5778.62     0.00        5778.62    
  113      2016323      1        1        64932        0.18   8        0        21652       8116.50     0.00        8116.50    
  114      2023624      1        3        265358       0.75   50       0        21076       5307.16     0.00        5307.16    
  115      2023623      1        3        192178       0.55   38       0        20554       5057.32     0.00        5057.32    
  116      2021012      1        2        37242        0.11   2        0        20506       18621.00    0.00        18621.00   
  117      2018181      1        3        36172        0.10   2        0        19784       18086.00    0.00        18086.00   
  118      2017916      1        2        33502        0.10   2        0        18202       16751.00    0.00        16751.00   
  119      2022401      1        3        32130        0.09   2        0        16210       16065.00    0.00        16065.00   
  120      2805211      1        1        44272        0.13   3        0        15340       14757.33    0.00        14757.33   
  121      2008117      1        3        87886        0.25   17       0        9068        5169.76     0.00        5169.76    
  122      2021053      1        1        25708        0.07   4        0        8686        6427.00     0.00        6427.00    
  123      2010142      1        4        274760       0.78   58       0        8208        4737.24     0.00        4737.24    
  124      2023625      1        3        225026       0.64   47       0        8094        4787.79     0.00        4787.79    
  125      2008120      1        4        2

This file has been truncated.
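The rule profiling table above is sorted by max ticks, which is the right view for spotting a single slow evaluation but hides rules that are cheap per check and evaluated often: row 10 (sid 2013739) is checked 58 times and its total of 706092 ticks exceeds that of every rule in rows 3 to 9. The Python below is an added example, not part of this page's output and not Suricata code. It parses rows copied from the table above, re-ranks them by total ticks, separates the rules that matched from those that never did, and sums the share of detection time spent on rules with zero matches. The column names in FIELDS are this example's own labels for the table's header. A single small pcap is far too little traffic to justify disabling a rule; the point is the method, not the verdict on these sids.

```python
"""Rank Suricata rule_perf rows by total cost and by match outcome.

Added example; not part of this page's output and not Suricata code.
"""

# Rows copied from the rule profiling table on this page (a subset).
RULE_PERF_SAMPLE = """
  Date: 9/18/2019 -- 14:51:23. Sorted by: max ticks.
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2018983      1        7        8541866      24.27  2        0        8493272     4270933.00  0.00        4270933.00
  2        2020825      1        6        5808914      16.50  4        0        5714970     1452228.50  0.00        1452228.50
  10       2013739      1        15       706092       2.01   58       0        432572      12174.00    0.00        12174.00
  11       2828008      1        2        393132       1.12   2        2        227434      196566.00   196566.00   0.00
  13       2827580      1        7        403962       1.15   2        2        212464      201981.00   201981.00   0.00
  15       2827279      1        5        251348       0.71   2        1        142168      125674.00   142168.00   109180.00
  17       2805348      1        4        1101810      3.13   13       0        135676      84754.62    0.00        84754.62
  42       2010140      1        7        523256       1.49   58       0        66546       9021.66     0.00        9021.66
"""

# Column labels chosen for this example, in the order the table prints them.
FIELDS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
          "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_FIELDS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}


def parse_rule_perf(text):
    """Return one dict per data row; header, separator and date lines are skipped."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS) or not parts[0].isdigit():
            continue
        row = {}
        for name, value in zip(FIELDS, parts):
            row[name] = int(value) if name in INT_FIELDS else float(value)
        rows.append(row)
    return rows


def rank(rows, key="ticks", n=None):
    """sids ordered by one numeric column, largest first (n=None keeps all)."""
    ordered = sorted(rows, key=lambda r: r[key], reverse=True)
    return [r["sid"] for r in ordered[:n]]


def split_by_match(rows):
    """(rules that matched at least once, rules that never matched)."""
    matched = [r for r in rows if r["matches"] > 0]
    unmatched = [r for r in rows if r["matches"] == 0]
    return matched, unmatched


def hot_never_matched(rows, n=3):
    """Most expensive rules (by total ticks) that produced no match in this run."""
    _, unmatched = split_by_match(rows)
    return rank(unmatched, "ticks", n)


def wasted_share(rows):
    """Percent of detect-engine ticks (the table's % column) spent on zero-match rules."""
    _, unmatched = split_by_match(rows)
    return round(sum(r["pct"] for r in unmatched), 2)


if __name__ == "__main__":
    rows = parse_rule_perf(RULE_PERF_SAMPLE)
    print("by max ticks   :", rank(rows, "max_ticks"))
    print("by total ticks :", rank(rows, "ticks"))
    matched, _ = split_by_match(rows)
    print("matched sids   :", sorted(r["sid"] for r in matched))
    print("hot, no match  :", hot_never_matched(rows))
    print("share on zero-match rules: %.2f%%" % wasted_share(rows))
```

Re-ranking by total ticks moves sid 2805348 (13 checks) into third place ahead of the rules that sit there by max ticks, and on this subset roughly 47% of the sampled detection time went to rules that never matched; in a long-running sensor that figure, taken over representative traffic, is what drives rule tuning.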


unified2.alert.1568818281 - (5668 bytes) - download
[unified2 is a binary format; the page viewer rendered the raw bytes as text. The non-printable record headers and the non-printable 324-byte POST bodies are replaced by bracketed placeholders below; only the decodable HTTP request headers are kept.]

[binary record: event header and packet, no printable payload]

[binary record header]
POST / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 37.187.4.178
Content-Length: 324
Connection: Keep-Alive
Cache-Control: no-cache

[324 bytes of non-printable body]

[the same packet is recorded twice more, matching the three alerts logged for it in eve.json]

[binary record: event header and packet, no printable payload]

[binary record header]
POST / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 193.169.54.12:8080
Content-Length: 324
Connection: Keep-Alive
Cache-Control: no-cache

[324 bytes of non-printable body]

[the same packet is recorded three more times, matching the four alerts logged for it in eve.json]


stats.log - (3060 bytes) - download
------------------------------------------------------------------------------------
Date: 9/18/2019 -- 14:51:23 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 183
decoder.bytes                              | Total                     | 16916
decoder.ipv4                               | Total                     | 70
decoder.ipv6                               | Total                     | 12
decoder.ethernet                           | Total                     | 183
decoder.tcp                                | Total                     | 16
decoder.udp                                | Total                     | 66
decoder.avg_pkt_size                       | Total                     | 92
decoder.max_pkt_size                       | Total                     | 804
flow.tcp                                   | Total                     | 2
flow.udp                                   | Total                     | 12
tcp.sessions                               | Total                     | 2
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 2
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 9
detect.mpm_list                            | Total                     | 12
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 13
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 12
flow_mgr.new_pruned                        | Total                     | 9
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 13
flow_mgr.flows_notimeout                   | Total                     | 4
flow_mgr.flows_timeout                     | Total                     | 9
flow_mgr.flows_removed                     | Total                     | 9
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65523
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7078336


eve.json - (6562 bytes) - download
{"timestamp":"2019-09-18T14:47:53.561352+0000","flow_id":1380730040586440,"pcap_cnt":72,"event_type":"alert","src_ip":"192.168.100.129","src_port":49274,"dest_ip":"37.187.4.178","dest_port":80,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2404314,"rev":4989,"signature":"ET CNC Feodo Tracker Reported CnC Server group 15","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-09-18T14:47:57.221158+0000","flow_id":1380730040586440,"pcap_cnt":94,"event_type":"alert","src_ip":"192.168.100.129","src_port":49274,"dest_ip":"37.187.4.178","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2827580,"rev":7,"signature":"ETPRO TROJAN W32\/Emotet.v4 Checkin 2","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-18T14:47:57.221158+0000","flow_id":1380730040586440,"pcap_cnt":94,"event_type":"alert","src_ip":"192.168.100.129","src_port":49274,"dest_ip":"37.187.4.178","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828008,"rev":2,"signature":"ETPRO TROJAN W32\/Emotet.v4 Checkin 3","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-09-18T14:47:57.221158+0000","flow_id":1380730040586440,"pcap_cnt":94,"event_type":"alert","src_ip":"192.168.100.129","src_port":49274,"dest_ip":"37.187.4.178","dest_port":80,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018358,"rev":7,"signature":"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-09-18T14:47:57.221158+0000","flow_id":1380730040586440,"pcap_cnt":94,"event_type":"http","src_ip":"192.168.100.129","src_port":49274,"dest_ip":"37.187.4.178","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"37.187.4.178","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html"}}
{"timestamp":"2019-09-18T14:47:57.221158+0000","flow_id":1380730040586440,"pcap_cnt":94,"event_type":"fileinfo","src_ip":"192.168.100.129","src_port":49274,"dest_ip":"37.187.4.178","dest_port":80,"proto":"TCP","http":{"hostname":"37.187.4.178","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":405,"length":584},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":324,"tx_id":0}}
{"timestamp":"2019-09-18T14:48:27.197394+0000","flow_id":1301971079987986,"pcap_cnt":152,"event_type":"alert","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2404309,"rev":4989,"signature":"ET CNC Feodo Tracker Reported CnC Server group 10","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"alert","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2827279,"rev":5,"signature":"ETPRO TROJAN W32\/Emotet.v4 Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"alert","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2827580,"rev":7,"signature":"ETPRO TROJAN W32\/Emotet.v4 Checkin 2","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"alert","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828008,"rev":2,"signature":"ETPRO TROJAN W32\/Emotet.v4 Checkin 3","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"alert","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018358,"rev":7,"signature":"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"http","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"193.169.54.12","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"fileinfo","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","http":{"hostname":"193.169.54.12","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":324,"tx_id":0}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1380730040586440,"event_type":"fileinfo","src_ip":"37.187.4.178","src_port":80,"dest_ip":"192.168.100.129","dest_port":49274,"proto":"TCP","http":{"hostname":"37.187.4.178","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":405,"length":584},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":584,"tx_id":0}}
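The EVE records above are one JSON object per line, and the `flow_id` field is what ties an alert to the `http` and `fileinfo` records for the same TCP connection. The following Python is an added example, not part of this page's output or of the IDSDeathBlossom project: it parses a handful of the records shown above (copied in as a constructed sample), groups them by `flow_id`, merges the HTTP fields that Suricata 4.0 spreads across the `http` and `fileinfo` events, and applies a simple "POST to a dotted-quad host" heuristic of my own (it is not the ET rule's logic) so a triage script can flag the Emotet check-in shape without relying only on signature names.

```python
import ipaddress
import json
import sys

# Constructed sample: six of the EVE records listed on this page, copied verbatim.
# They cover the alert, http and fileinfo event types across the two flows in the capture.
EVE_LINES = r'''
{"timestamp":"2019-09-18T14:48:27.197394+0000","flow_id":1301971079987986,"pcap_cnt":152,"event_type":"alert","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2404309,"rev":4989,"signature":"ET CNC Feodo Tracker Reported CnC Server group 10","category":"A Network Trojan was detected","severity":1}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"alert","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2827279,"rev":5,"signature":"ETPRO TROJAN W32\/Emotet.v4 Checkin","category":"A Network Trojan was detected","severity":1},"app_proto":"http"}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"alert","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","app_proto":"http","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2018358,"rev":7,"signature":"ET INFO GENERIC SUSPICIOUS POST to Dotted Quad with Fake Browser 1","category":"Potentially Bad Traffic","severity":2}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"http","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","tx_id":0,"http":{"hostname":"193.169.54.12","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1301971079987986,"event_type":"fileinfo","src_ip":"192.168.100.129","src_port":49783,"dest_ip":"193.169.54.12","dest_port":8080,"proto":"TCP","http":{"hostname":"193.169.54.12","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":324,"tx_id":0}}
{"timestamp":"2019-09-18T14:48:44.820786+0000","flow_id":1380730040586440,"event_type":"fileinfo","src_ip":"37.187.4.178","src_port":80,"dest_ip":"192.168.100.129","dest_port":49274,"proto":"TCP","http":{"hostname":"37.187.4.178","url":"\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_content_type":"text\/html","http_method":"POST","protocol":"HTTP\/1.1","status":405,"length":584},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":584,"tx_id":0}}
'''


def parse_eve(text):
    """Yield one dict per non-blank EVE line (the file is newline-delimited JSON)."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def is_dotted_quad(hostname):
    """True when the HTTP Host value is a bare IPv4 literal rather than a name."""
    try:
        ipaddress.IPv4Address(hostname)
        return True
    except ValueError:
        return False


def summarize_flows(records):
    """Group EVE records by flow_id and reduce each flow to a triage summary.

    EVE src/dest follow the direction of the packet that produced the record, so a
    fileinfo written on the server's response has the server as src_ip; the peers are
    therefore stored as an order-independent sorted pair instead of src/dest.
    """
    flows = {}
    for rec in records:
        peers = tuple(sorted([f'{rec["src_ip"]}:{rec["src_port"]}',
                              f'{rec["dest_ip"]}:{rec["dest_port"]}']))
        flow = flows.setdefault(rec["flow_id"], {
            "peers": peers,
            "signatures": [],   # unique signature names, first-seen order
            "severity": None,   # Suricata severity: 1 is the highest priority
            "http": {},
        })
        if rec["event_type"] == "alert":
            sig = rec["alert"]["signature"]
            if sig not in flow["signatures"]:
                flow["signatures"].append(sig)
            sev = rec["alert"]["severity"]
            if flow["severity"] is None or sev < flow["severity"]:
                flow["severity"] = sev
        if "http" in rec:
            # In Suricata 4.0 the http event carries hostname/url/user-agent while
            # method, status and length only show up in fileinfo; merge both views.
            flow["http"].update(rec["http"])
    for flow in flows.values():
        h = flow["http"]
        # Own heuristic (assumption, not the ET rule): a POST whose Host header is a
        # raw IPv4 address is the shape of the Emotet check-ins in this capture.
        flow["post_to_ip"] = h.get("http_method") == "POST" and is_dotted_quad(h.get("hostname", ""))
    return flows


if __name__ == "__main__":
    # Usage: python eve_flows.py [eve.json]; with no argument the embedded sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else EVE_LINES
    for flow_id, flow in summarize_flows(parse_eve(text)).items():
        print(flow_id, json.dumps(flow, indent=2))
```

Note the second flow (to 37.187.4.178:80) has no alert record in this sample yet is still flagged by the heuristic from its fileinfo alone, and that the server answered the check-in with 405; keying on `flow_id` rather than on the alert lines is what makes that connection visible.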


keyword_perf.log - (11521 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 9/18/2019 -- 14:51:23
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1099718         163             163             161006          6746.00         6746.00         0.00           
  threshold        53496           2               2               44438           26748.00        26748.00        0.00           
  content          2885456         439             324             33586           6572.00         6862.00         5756.00        
  pcre             707108          52              31              45632           13598.00        12164.00        15714.00       
  byte_test        5944028         55              43              5625986         108073.00       136135.00       7516.00        
  byte_jump        228694          37              13              32460           6180.00         5702.00         6439.00        
  flowbits         577498          14              7               477602          41249.00        74785.00        7714.00        
  urilen           1162496         54              10              451790          21527.00        6159.00         25020.00       
  byte_extract     32322           4               4               13204           8080.00         8080.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             1099718         163             163             161006          6746.00         6746.00         0.00           
  flowbits         53998           7               0               22198           7714.00         0.00            7714.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          949570          133             94              17962           7139.00         7781.00         5593.00        
  pcre             60876           3               2               41648           20292.00        9614.00         41648.00       
  byte_test        5919458         53              41              5625986         111687.00       142177.00       7516.00        
  byte_jump        228694          37              13              32460           6180.00         5702.00         6439.00        
  byte_extract     32322           4               4               13204           8080.00         8080.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         523500          7               7               477602          74785.00        74785.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        53496           2               2               44438           26748.00        26748.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          109962          20              3               7064            5498.00         5407.00         5514.00        
  pcre             106652          9               2               23190           11850.00        11569.00        11930.00       
  urilen           1162496         54              10              451790          21527.00        6159.00         25020.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15612           2               2               8486            7806.00         7806.00         0.00           
  pcre             35956           5               5               14158           7191.00         7191.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1289198         202             169             22124           6382.00         6402.00         6277.00        
  pcre             460628          31              18              45632           14858.00        14209.00        15757.00       
  byte_test        24570           2               2               14972           12285.00        12285.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          20250           4               2               5762            5062.00         5455.00         4670.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          40548           2               2               33586           20274.00        20274.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          71550           13              11              6888            5503.00         5296.00         6646.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          376182          61              41              8964            6166.00         6546.00         5388.00        
  pcre             42996           4               4               14624           10749.00        10749.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          12584           2               0               6988            6292.00         0.00            6292.00        
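Reading keyword_perf.log by eye works for a capture this small, but the interesting figure here is buried: a single byte_test check cost 5625986 ticks, which is about 95% of everything byte_test spent and the largest single number in the file. The following Python is an added example, not part of this page or of Suricata: it parses the "Stats for:" sections into a dict (using the "total" and "http_uri" sections above as a constructed sample), ranks keywords by total ticks and share of the section, and lists keywords whose worst single check is far above their average, which is the pattern that points at one pathological rule rather than general load.

```python
# Constructed sample: the "total" and "http_uri" sections of the keyword_perf.log above.
SAMPLE_LOG = """\
  ------------------------------------------------------------------
  Date: 9/18/2019 -- 14:51:23
  ------------------------------------------------------------------
  Stats for: total
  ------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flow             1099718         163             163             161006          6746.00         6746.00         0.00
  threshold        53496           2               2               44438           26748.00        26748.00        0.00
  content          2885456         439             324             33586           6572.00         6862.00         5756.00
  pcre             707108          52              31              45632           13598.00        12164.00        15714.00
  byte_test        5944028         55              43              5625986         108073.00       136135.00       7516.00
  byte_jump        228694          37              13              32460           6180.00         5702.00         6439.00
  flowbits         577498          14              7               477602          41249.00        74785.00        7714.00
  urilen           1162496         54              10              451790          21527.00        6159.00         25020.00
  byte_extract     32322           4               4               13204           8080.00         8080.00         0.00
  ------------------------------------------------------------------
  Stats for: http_uri
  ------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  content          109962          20              3               7064            5498.00         5407.00         5514.00
  pcre             106652          9               2               23190           11850.00        11569.00        11930.00
  urilen           1162496         54              10              451790          21527.00        6159.00         25020.00
"""

# Column order of a data row after the keyword name.
COLUMNS = ("ticks", "checks", "matches", "max_ticks", "avg", "avg_match", "avg_no_match")


def parse_keyword_perf(text):
    """Return {section: {keyword: {ticks, checks, matches, max_ticks, avg, ...}}}."""
    stats = {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Stats for:"):
            section = line.split(":", 1)[1].strip()   # e.g. "packet/stream payload"
            stats[section] = {}
            continue
        fields = line.split()
        # Header, date and rule lines have a different field count or non-numeric
        # columns; only an 8-field row whose trailing 7 fields are numbers is data.
        if section is None or len(fields) != len(COLUMNS) + 1:
            continue
        try:
            values = [float(v) for v in fields[1:]]
        except ValueError:
            continue
        row = dict(zip(COLUMNS, values))
        for key in ("ticks", "checks", "matches", "max_ticks"):
            row[key] = int(row[key])
        stats[section][fields[0]] = row
    return stats


def top_by_ticks(stats, section="total", n=3):
    """Keywords of a section ordered by total ticks, highest first."""
    rows = stats[section]
    return sorted(((kw, r["ticks"]) for kw, r in rows.items()),
                  key=lambda kv: kv[1], reverse=True)[:n]


def tick_share(stats, section="total"):
    """Fraction of the section's summed ticks spent in each keyword."""
    total = sum(r["ticks"] for r in stats[section].values())
    return {kw: r["ticks"] / total for kw, r in stats[section].items()}


def spiky_keywords(stats, section="total", ratio=20.0):
    """Keywords whose single worst check cost at least `ratio` times their average.

    A high max/avg ratio means the cost is concentrated in one or a few checks, i.e.
    one expensive rule, rather than spread over the whole keyword.
    """
    out = []
    for kw, r in stats[section].items():
        if r["avg"] > 0 and r["max_ticks"] / r["avg"] >= ratio:
            out.append((kw, round(r["max_ticks"] / r["avg"], 1)))
    return sorted(out, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    stats = parse_keyword_perf(SAMPLE_LOG)
    print("top by ticks:", top_by_ticks(stats))
    print("spiky:", spiky_keywords(stats))
```

keyword_perf.log only names the keyword, not the rule that invoked it; to find the sid behind the 5625986-tick byte_test check, enable rule profiling as well (the `profiling.rules` block in suricata.yaml, which needs a build configured with `--enable-profiling`) and look for the same outlier in rule_perf.log.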


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-09-18 14:50:55,471 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-09-18 14:50:56,347 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-09-18 14:50:56,347 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-09-18 14:50:56,348 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-09-18 14:50:56,348 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-09-18 14:50:56,348 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/4b9ddf0f0fe9b56f2186e33aa034556156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/09182019.1450-d4f2a910-3f10-4118-9ac8-4a9d7ca2d4b9.pcap -vvv -k none
2019-09-18 14:51:23,329 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-09-18 14:51:23,330 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 27.8723819256