Output

  1 class="code">Packet profile dump: min            max            avg            tot           %% class="s">----   -----   ----------     ------------   ------------   -----------    -----------   --- 5884240      472499678     274539380        279.5b   95.61 97581524      455851242     259463136         12.5b    4.26 1        363414278      363414278     363414278        363.4m    0.12 tracks pseudo/tunnel packets. IP ver   Proto   cnt            min            max            avg            tot           %% class="s">----------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   --- IPv4       6          1018           113788       31453754        479806        488.4m   84.91 IPv4      17            48           448840       19212532       1091121         52.4m    9.10 IPv4       6           987             4436       12356236         17779         17.5m    3.05 IPv4      17            48             4450           7976          4944        237.4k    0.04 IPv4       6           987             4570        5420990         15866         15.7m    2.72 IPv4      17            48             4600          19204          5690        273.1k    0.05 IPv6      17             1           694472         694472        694472        694.5k    0.12 IPv6      17             1             4818           4818          4818          4.8k    0.00 IPv6      17             1            26130          26130         26130         26.1k    0.00 IP ver   Proto   cnt            min            max            avg class="s">------------------   ------   -----   ----------     ------------   ------------   -----------  IPv4       6           987             4776          51394          6257          6.2m  1.31 IPv4      17            48             5000          25798          7647        367.1k  0.08 IPv4       6          1018             4460        2429022         26333         26.8m  5.69 IPv4      17            48            15058         139470         33062          1.6m  0.34 IPv4       6          1018            77060       31396160        395447        402.6m  85.43 IPv4      17            48           357968         920954        570790         27.4m  5.81 IPv4       6          1018             4428          36236          5550          5.6m  1.20 IPv6      17             1             9086           9086          9086          9.1k  0.00 IPv6      17             1            27078          27078         27078         27.1k  0.01 IPv6      17             1           631248         631248        631248        631.2k  0.13 IP ver   Proto   cnt            min            max            avg class="s">------------------   ------   -----   ----------     ------------   ------------   -----------  IPv4       6            30             5730          86312         15962        478.9k  40.81 IPv4       6            35             4572           7468          5382        188.4k  16.06 IPv4      17            48             5506          47642         10542        506.0k  43.13 IPv4       6             4             4642          28254         12022         48.1k IPv4      17            43             5054          67028         12628        543.0k IPv6      17             1            11786          11786         11786         11.8k IP ver   Proto   cnt            min            max            avg            tot           %% class="s">----------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   --- IP ver   Proto   cnt            min            max            avg            tot class="s">----------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  IPv4       6             8            33338         101022         56462        451.7k  1.45 IPv4      17             1            32706          32706         32706         32.7k  0.10 IPv4       6             8            41618         201612         73631        589.1k  1.89 IPv4      17             1            51594          51594         51594         51.6k  0.17 IPv4       6             8            64804         115438         79144        633.2k  2.03 IPv4      17             1            94816          94816         94816         94.8k  0.30 IPv4      17            48            30828       18213508        446856         21.4m  68.69 IPv4       6            28            40816         202956        105944          3.0m  9.50 IPv4       6            18            46786         205912         97887          1.8m  5.64 IPv4       6            27            54242         267316        118298          3.2m  10.23 IP ver   Proto   cnt            min            max            avg            tot          %% class="s">------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    --- IPv4       6           533             4498         481240         40289        21.5m  26.48 IPv4      17            48             7142          56574         33103         1.6m  1.96 IPv4       6           533             4444        3822804         70504        37.6m  46.33 IPv4       6            28            12042          60086         34731       972.5k  1.20 IPv4       6            28             7472          15248         10311       288.7k  0.36 IPv4       6            36             4716          66312         12974       467.1k  0.58 IPv4       6            28            36974         150208         91633         2.6m  3.16 IPv4       6            28             4522           6648          5142       144.0k  0.18 IPv4       6            28            13864          55736         25001       700.0k  0.86 IPv4       6            28             5250          31688          7892       221.0k  0.27 IPv4       6            28             5038          10768          6019       168.5k  0.21 IPv4       6            28             4826           8016          6011       168.3k  0.21 IPv4       6            28             4934          39972          8894       249.0k  0.31 IPv4       6            28             5530          41450          9453       264.7k  0.33 IPv4       6            28            11144          34498         17789       498.1k  0.61 IPv4       6            36             7214          53354         18686       672.7k  0.83 IPv4       6            28             6710          36210         10090       282.5k  0.35 IPv4       6            28             4982          12974          7594       212.7k  0.26 IPv4       6            28             5622          23962         10447       292.5k  0.36 IPv4       6            28            13404         111406         30496       853.9k  1.05 IPv4       6            28             6948          38420         13414       375.6k  0.46 IPv4      17            24             4796         114760         18596       446.3k  0.55 IPv4       6            36             4964          51252         10074       362.7k  0.45 IPv4       6            27             5648          44470         12197       329.3k  0.41 IPv4       6            27            18886         205720         61153         1.7m  2.04 IPv4       6            26             4500          35106          7106       184.8k  0.23 IPv4       6            27             5914          21726         10406       281.0k  0.35 IPv4       6           103             6198          42638         10113         1.0m  1.28 IPv4       6            27             4918          12756          7022       189.6k  0.23 IPv4       6            27             4688          23006          7177       193.8k  0.24 IPv4       6            18             5832          26640         11133       200.4k  0.25 IPv4       6            18             5308          17478          9848       177.3k  0.22 IPv4       6            18             5920           9800          7606       136.9k  0.17 IPv4       6            77             4492        1880224         75515         5.8m  7.17 IPv4                  2089                                         38798        81.0m IPv6      17             1            53204          53204         53204        53.2k  0.07 IPv6                     1                                         53204        53.2k IP ver   Proto   cnt            min            max            avg            tot class="s">----------------------   ------   -----   ----------     ------------   ------------   -----------    -----------  IPv4       6            86             5582         198852         60920          5.2m  0.99 IPv4      17            48             5614         134926         46241          2.2m  0.42 IPv4       6          1018             4450       31219256        170185        173.2m  32.58 IPv4      17            48           164394         543240        324976         15.6m  2.93 6           139             8914        2119700        236220         32.8m  6.17 6          1018             4412         123476          9649          9.8m  1.85 17            48             8036          59532         10328        495.8k  0.09 6           724             4456         100904          5483          4.0m  0.75 17            48             4548          33692          5729        275.0k  0.05 IPv4       6          1018            13472       10891182        135801        138.2m  26.00 IPv4      17            48            44648         202768         97301          4.7m  0.88 6           533            23860       10856752        146086         77.9m  14.64 IPv4      17            48            16024          79320         44697          2.1m  0.40 IPv4       6           724             4464        1904390         41566         30.1m  5.66 IPv4      17            24            13926         125280         29951        718.8k  0.14 IPv4       6           451             4418          97164          6320          2.9m  0.54 IPv4      17            48             4750          39392          6789        325.9k  0.06 IPv4       6          1018             4424         145594          5636          5.7m  1.08 IPv4      17            48             4556          42298          6779        325.4k  0.06 6          1018             4436          89230          5634          5.7m  1.08 IPv4      17            48             4496           7598          5351        256.9k  0.05 IPv4       6          1018             4426          33682          5304          5.4m  1.02 IPv4      17            48             4514          38608          5898        283.1k  0.05 IPv4       6          1018             4428          46298          5638          5.7m  1.08 IPv4      17            48             4722          21334          6244        299.7k  0.06 IPv4       6          1018             4428          64038          6127          6.2m  1.17 IPv4      17            48             8932          13184         10322        495.5k  0.09 IPv6      17             1            55624          55624         55624         55.6k  0.01 IPv6      17             1           295898         295898        295898        295.9k  0.06 17             1             5446           5446          5446          5.4k  0.00 IPv6      17             1           111542         111542        111542        111.5k  0.02 IPv6      17             1            64814          64814         64814         64.8k  0.01 IPv6      17             1            11018          11018         11018         11.0k  0.00 IPv6      17             1             9158           9158          9158          9.2k  0.00 IPv6      17             1             8364           8364          8364          8.4k  0.00 IPv6      17             1             6338           6338          6338          6.3k  0.00 IPv6      17             1             9006           9006          9006          9.0k  0.00 IPv6      17             1            79332          79332         79332         79.3k  0.01


	

	
	suricata-4.0.0-etpro-all-alert-2019-10-21-T-15-42-34-10212019.1542-b41414ea24b69083a0a15422fd187d14aeecfab6a900538da0484cdab363c993_network.pcap.txt - (1776 bytes) - download

	1
2
3
4
5
6
7
8
9 11/01/2018-05:23:24.375089  [**] [1:2025275:1] ET INFO Windows OS Submitting USB Metadata to Microsoft [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.56.151:49198 -> 52.178.147.240:80
11/01/2018-05:23:25.658576  [**] [1:2025275:1] ET INFO Windows OS Submitting USB Metadata to Microsoft [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.56.151:49198 -> 52.178.147.240:80
11/01/2018-05:23:26.183484  [**] [1:2025275:1] ET INFO Windows OS Submitting USB Metadata to Microsoft [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.168.56.151:49198 -> 52.178.147.240:80
11/01/2018-05:23:37.935702  [**] [1:2012811:2] ET DNS Query to a .tk domain - Likely Hostile [**] [Classification: Potentially Bad Traffic] [Priority: 2] {UDP} 192.168.56.151:63589 -> 8.8.8.8:53
11/01/2018-05:23:39.209909  [**] [1:2012810:10] ET POLICY HTTP Request to a *.tk domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.151:49212 -> 45.35.190.16:80
11/01/2018-05:23:39.712174  [**] [1:2012810:10] ET POLICY HTTP Request to a *.tk domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.151:49212 -> 45.35.190.16:80
11/01/2018-05:23:40.421312  [**] [1:2012810:10] ET POLICY HTTP Request to a *.tk domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.151:49212 -> 45.35.190.16:80
11/01/2018-05:23:52.688473  [**] [1:2012810:10] ET POLICY HTTP Request to a *.tk domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.151:49212 -> 45.35.190.16:80
11/01/2018-05:23:52.826256  [**] [1:2012810:10] ET POLICY HTTP Request to a *.tk domain [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.56.151:49211 -> 45.35.190.16:80



	



	

	
	suricata-report-2019-10-21-T-15-42-34-10212019.1542-b41414ea24b69083a0a15422fd187d14aeecfab6a900538da0484cdab363c993_network.pcap.txt - (18104 bytes) - download

	  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199 lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/732bc867391901227a8411a0b0755cb156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10212019.1542-b41414ea24b69083a0a15422fd187d14aeecfab6a900538da0484cdab363c993_network.pcap -vvv -k none
elapsedtime:25.131680
stderr:
stdout:
21/10/2019 -- 15:42:09 - <Info> - Configuration node 'rule-files' redefined.
21/10/2019 -- 15:42:09 - <Notice> - This is Suricata version 4.0.0 RELEASE
21/10/2019 -- 15:42:09 - <Info> - CPUs/cores online: 1
21/10/2019 -- 15:42:09 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32155 and 'request-body-inspect-window' set to 15583 after randomization.
21/10/2019 -- 15:42:09 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34002 and 'response-body-inspect-window' set to 16086 after randomization.
21/10/2019 -- 15:42:09 - <Config> - DNS request flood protection level: 500
21/10/2019 -- 15:42:09 - <Config> - DNS per flow memcap (state-memcap): 524288
21/10/2019 -- 15:42:09 - <Config> - DNS global memcap: 16777216
21/10/2019 -- 15:42:09 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
21/10/2019 -- 15:42:09 - <Config> - preallocated 1000 hosts of size 136
21/10/2019 -- 15:42:09 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
21/10/2019 -- 15:42:09 - <Config> - using magic-file /usr/share/file/magic
21/10/2019 -- 15:42:09 - <Config> - Core dump size is unlimited.
21/10/2019 -- 15:42:09 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
21/10/2019 -- 15:42:09 - <Config> - preallocated 1000 defrag trackers of size 168
21/10/2019 -- 15:42:09 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
21/10/2019 -- 15:42:09 - <Config> - stream "prealloc-sessions": 2048 (per thread)
21/10/2019 -- 15:42:09 - <Config> - stream "memcap": 33554432
21/10/2019 -- 15:42:09 - <Config> - stream "midstream" session pickups: disabled
21/10/2019 -- 15:42:09 - <Config> - stream "async-oneside": disabled
21/10/2019 -- 15:42:09 - <Config> - stream "checksum-validation": disabled
21/10/2019 -- 15:42:09 - <Config> - stream."inline": disabled
21/10/2019 -- 15:42:09 - <Config> - stream "bypass": disabled
21/10/2019 -- 15:42:09 - <Config> - stream "max-synack-queued": 5
21/10/2019 -- 15:42:09 - <Config> - stream.reassembly "memcap": 134217728
21/10/2019 -- 15:42:09 - <Config> - stream.reassembly "depth": 0
21/10/2019 -- 15:42:09 - <Config> - stream.reassembly "toserver-chunk-size": 2589
21/10/2019 -- 15:42:09 - <Config> - stream.reassembly "toclient-chunk-size": 2673
21/10/2019 -- 15:42:09 - <Config> - stream.reassembly.raw: enabled
21/10/2019 -- 15:42:09 - <Config> - stream.reassembly "segment-prealloc": 2048
21/10/2019 -- 15:42:09 - <Config> - Delayed detect disabled
21/10/2019 -- 15:42:09 - <Config> - pattern matchers: MPM: ac, SPM: bm
21/10/2019 -- 15:42:09 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
21/10/2019 -- 15:42:09 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
21/10/2019 -- 15:42:09 - <Config> - prefilter engines: MPM
21/10/2019 -- 15:42:09 - <Config> - IP reputation disabled
21/10/2019 -- 15:42:09 - <Perf> - Registered 148 keyword profiling counters.
21/10/2019 -- 15:42:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
21/10/2019 -- 15:42:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
21/10/2019 -- 15:42:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
21/10/2019 -- 15:42:14 - <Config> - No rules loaded from ET-icmp.rules.
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
21/10/2019 -- 15:42:14 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
21/10/2019 -- 15:42:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
21/10/2019 -- 15:42:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
21/10/2019 -- 15:42:15 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
21/10/2019 -- 15:42:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
21/10/2019 -- 15:42:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
21/10/2019 -- 15:42:18 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
21/10/2019 -- 15:42:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
21/10/2019 -- 15:42:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
21/10/2019 -- 15:42:21 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
21/10/2019 -- 15:42:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
21/10/2019 -- 15:42:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
21/10/2019 -- 15:42:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
21/10/2019 -- 15:42:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
21/10/2019 -- 15:42:22 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
21/10/2019 -- 15:42:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
21/10/2019 -- 15:42:23 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
21/10/2019 -- 15:42:23 - <Config> - No rules loaded from local.rules.
21/10/2019 -- 15:42:23 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
21/10/2019 -- 15:42:23 - <Info> - Threshold config parsed: 0 rule(s) found
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for tcp-packet
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for tcp-stream
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for udp-packet
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for other-ip
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_uri
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_request_line
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_client_body
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_response_line
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_header
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_header
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_header_names
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_header_names
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_accept
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_accept_enc
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_accept_lang
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_referer
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_connection
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_content_len
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_content_len
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_content_type
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_content_type
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_protocol
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_protocol
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_start
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_start
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_raw_header
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_raw_header
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_method
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_cookie
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_cookie
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_raw_uri
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_user_agent
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_host
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_raw_host
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_stat_msg
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_stat_code
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for dns_query
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for tls_sni
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for tls_cert_issuer
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for tls_cert_subject
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for tls_cert_serial
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for dce_stub_data
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for dce_stub_data
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for ssh_protocol
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for ssh_protocol
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for ssh_software
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for ssh_software
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for file_data
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for file_data
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_request_line
21/10/2019 -- 15:42:23 - <Perf> - using shared mpm ctx' for http_response_line
21/10/2019 -- 15:42:23 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
21/10/2019 -- 15:42:23 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
21/10/2019 -- 15:42:24 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
21/10/2019 -- 15:42:24 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
21/10/2019 -- 15:42:24 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
21/10/2019 -- 15:42:24 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
21/10/2019 -- 15:42:24 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
21/10/2019 -- 15:42:24 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
21/10/2019 -- 15:42:31 - <Perf> - Unique rule groups: 104
21/10/2019 -- 15:42:31 - <Perf> - Builtin MPM "toserver TCP packet": 35
21/10/2019 -- 15:42:31 - <Perf> - Builtin MPM "toclient TCP packet": 17
21/10/2019 -- 15:42:31 - <Perf> - Builtin MPM "toserver TCP stream": 33
21/10/2019 -- 15:42:31 - <Perf> - Builtin MPM "toclient TCP stream": 19
21/10/2019 -- 15:42:31 - <Perf> - Builtin MPM "toserver UDP packet": 27
21/10/2019 -- 15:42:31 - <Perf> - Builtin MPM "toclient UDP packet": 17
21/10/2019 -- 15:42:31 - <Perf> - Builtin MPM "other IP packet": 3
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_uri": 14
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_request_line": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_client_body": 6
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient http_response_line": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_header": 10
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient http_header": 6
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_header_names": 2
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_accept": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_referer": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_content_len": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_content_type": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient http_content_type": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_protocol": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_start": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_method": 5
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_cookie": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient http_cookie": 2
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver http_host": 2
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver dns_query": 4
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver tls_sni": 2
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toserver file_data": 1
21/10/2019 -- 15:42:31 - <Perf> - AppLayer MPM "toclient file_data": 7
21/10/2019 -- 15:42:33 - <Perf> - Registered 39590 rule profiling counters.
21/10/2019 -- 15:42:33 - <Info> - fast output device (regular) initialized: alert
21/10/2019 -- 15:42:33 - <Info> - eve-log output device (regular) initialized: eve.json
21/10/2019 -- 15:42:33 - <Config> - enabling 'eve-log' module 'alert'
21/10/2019 -- 15:42:33 - <Config> - enabling 'eve-log' module 'http'
21/10/2019 -- 15:42:33 - <Config> - enabling 'eve-log' module 'dns'
21/10/2019 -- 15:42:33 - <Config> - enabling 'eve-log' module 'tls'
21/10/2019 -- 15:42:33 - <Config> - enabling 'eve-log' module 'files'
21/10/2019 -- 15:42:33 - <Config> - enabling 'eve-log' module 'ssh'
21/10/2019 -- 15:42:33 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
21/10/2019 -- 15:42:33 - <Info> - stats output device (regular) initialized: stats.log
21/



	
	This file has been truncated. Go here to download in full.
	



	

	
	stats.log - (3074 bytes) - download

	 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40 ------------------------------------------------------------------------------------
Date: 10/21/2019 -- 15:42:34 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 1040
decoder.bytes                              | Total                     | 540551
decoder.ipv4                               | Total                     | 1035
decoder.ipv6                               | Total                     | 1
decoder.ethernet                           | Total                     | 1040
decoder.tcp                                | Total                     | 987
decoder.udp                                | Total                     | 49
decoder.avg_pkt_size                       | Total                     | 519
decoder.max_pkt_size                       | Total                     | 1514
flow.tcp                                   | Total                     | 44
flow.udp                                   | Total                     | 25
tcp.sessions                               | Total                     | 40
tcp.syn                                    | Total                     | 40
tcp.synack                                 | Total                     | 40
tcp.rst                                    | Total                     | 23
tcp.overlap                                | Total                     | 8
detect.alert                               | Total                     | 9
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 18
app_layer.tx.http                          | Total                     | 28
app_layer.flow.tls                         | Total                     | 18
app_layer.flow.dns_udp                     | Total                     | 24
app_layer.tx.dns_udp                       | Total                     | 24
app_layer.flow.failed_udp                  | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 2
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65534
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075456



	



	

	
	eve.json - (54749 bytes) - download

	 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41 {"timestamp":"2018-11-01T05:23:19.702231+0000","flow_id":1045071001007895,"pcap_cnt":118,"event_type":"dns","src_ip":"192.168.56.151","src_port":58590,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17852,"rrname":"vortex-win.data.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-01T05:23:20.165535+0000","flow_id":1045071001007895,"pcap_cnt":120,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.151","dest_port":58590,"proto":"UDP","dns":{"type":"answer","id":17852,"rcode":"NOERROR","rrname":"vortex-win.data.microsoft.com","rrtype":"A","ttl":300,"rdata":"40.77.226.250"}}
{"timestamp":"2018-11-01T05:23:20.641718+0000","flow_id":54131851562664,"pcap_cnt":129,"event_type":"tls","src_ip":"192.168.56.151","src_port":49196,"dest_ip":"40.77.226.250","dest_port":443,"proto":"TCP","tls":{"subject":"C=US, ST=WA, L=Redmond, O=Microsoft Corporation, OU=Microsoft, CN=*.vortex-win.data.microsoft.com","issuerdn":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Microsoft Secure Server CA 2011"}}
{"timestamp":"2018-11-01T05:23:22.981370+0000","flow_id":837035670305146,"pcap_cnt":151,"event_type":"dns","src_ip":"192.168.56.151","src_port":51336,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":11578,"rrname":"go.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-01T05:23:23.352282+0000","flow_id":837035670305146,"pcap_cnt":152,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.151","dest_port":51336,"proto":"UDP","dns":{"type":"answer","id":11578,"rcode":"NOERROR","rrname":"go.microsoft.com","rrtype":"A","ttl":300,"rdata":"23.214.174.91"}}
{"timestamp":"2018-11-01T05:23:23.870189+0000","flow_id":1205801562371367,"pcap_cnt":164,"event_type":"http","src_ip":"192.168.56.151","src_port":49197,"dest_ip":"23.214.174.91","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"go.microsoft.com","url":"\/fwlink\/?LinkID=109572&clcid=0x409","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT"}}
{"timestamp":"2018-11-01T05:23:23.870189+0000","flow_id":1205801562371367,"pcap_cnt":164,"event_type":"fileinfo","src_ip":"192.168.56.151","src_port":49197,"dest_ip":"23.214.174.91","dest_port":80,"proto":"TCP","http":{"hostname":"go.microsoft.com","url":"\/fwlink\/?LinkID=109572&clcid=0x409","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_method":"POST","protocol":"HTTP\/1.1","status":302,"redirect":"http:\/\/dmd.metaservices.microsoft.com\/dms\/metadata.svc","length":0},"app_proto":"http","fileinfo":{"filename":"\/fwlink\/","gaps":false,"state":"CLOSED","stored":false,"size":2392,"tx_id":0}}
{"timestamp":"2018-11-01T05:23:23.885130+0000","flow_id":147182318223754,"pcap_cnt":167,"event_type":"dns","src_ip":"192.168.56.151","src_port":51652,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":37666,"rrname":"dmd.metaservices.microsoft.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-01T05:23:24.373134+0000","flow_id":147182318223754,"pcap_cnt":168,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.151","dest_port":51652,"proto":"UDP","dns":{"type":"answer","id":37666,"rcode":"NOERROR","rrname":"dmd.metaservices.microsoft.com","rrtype":"A","ttl":3600,"rdata":"52.178.147.240"}}
{"timestamp":"2018-11-01T05:23:24.375089+0000","flow_id":1948805134857854,"pcap_cnt":174,"event_type":"alert","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2025275,"rev":1,"signature":"ET INFO Windows OS Submitting USB Metadata to Microsoft","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2018-11-01T05:23:24.786031+0000","flow_id":1948805134857854,"pcap_cnt":180,"event_type":"http","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"dmd.metaservices.microsoft.com","url":"\/dms\/metadata.svc","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_content_type":"text\/xml"}}
{"timestamp":"2018-11-01T05:23:24.786031+0000","flow_id":1948805134857854,"pcap_cnt":180,"event_type":"fileinfo","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","http":{"hostname":"dmd.metaservices.microsoft.com","url":"\/dms\/metadata.svc","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_content_type":"text\/xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":1730},"app_proto":"http","fileinfo":{"filename":"\/dms\/metadata.svc","gaps":false,"state":"CLOSED","stored":false,"size":2392,"tx_id":0}}
{"timestamp":"2018-11-01T05:23:25.180987+0000","flow_id":38416566468972,"pcap_cnt":189,"event_type":"fileinfo","src_ip":"192.168.56.151","src_port":49199,"dest_ip":"23.214.174.91","dest_port":80,"proto":"TCP","http":{"hostname":"go.microsoft.com","url":"\/fwlink\/?LinkID=109572&clcid=0x409","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/fwlink\/","gaps":false,"state":"CLOSED","stored":false,"size":1276,"tx_id":0}}
{"timestamp":"2018-11-01T05:23:25.181209+0000","flow_id":38416566468972,"pcap_cnt":190,"event_type":"http","src_ip":"192.168.56.151","src_port":49199,"dest_ip":"23.214.174.91","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"go.microsoft.com","url":"\/fwlink\/?LinkID=109572&clcid=0x409","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT"}}
{"timestamp":"2018-11-01T05:23:25.201838+0000","flow_id":1948805134857854,"pcap_cnt":194,"event_type":"fileinfo","src_ip":"52.178.147.240","src_port":80,"dest_ip":"192.168.56.151","dest_port":49198,"proto":"TCP","http":{"hostname":"dmd.metaservices.microsoft.com","url":"\/dms\/metadata.svc","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_content_type":"text\/xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":1730},"app_proto":"http","fileinfo":{"filename":"\/dms\/metadata.svc","gaps":false,"state":"CLOSED","stored":false,"size":1730,"tx_id":0}}
{"timestamp":"2018-11-01T05:23:25.658576+0000","flow_id":1948805134857854,"pcap_cnt":203,"event_type":"alert","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2025275,"rev":1,"signature":"ET INFO Windows OS Submitting USB Metadata to Microsoft","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2018-11-01T05:23:25.658576+0000","flow_id":1948805134857854,"pcap_cnt":203,"event_type":"http","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","tx_id":1,"http":{"hostname":"dmd.metaservices.microsoft.com","url":"\/dms\/metadata.svc","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_content_type":"text\/xml"}}
{"timestamp":"2018-11-01T05:23:25.658576+0000","flow_id":1948805134857854,"pcap_cnt":203,"event_type":"fileinfo","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","http":{"hostname":"dmd.metaservices.microsoft.com","url":"\/dms\/metadata.svc","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_content_type":"text\/xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":1730},"app_proto":"http","fileinfo":{"filename":"\/dms\/metadata.svc","gaps":false,"state":"CLOSED","stored":false,"size":1276,"tx_id":1}}
{"timestamp":"2018-11-01T05:23:26.146330+0000","flow_id":891306877270938,"pcap_cnt":272,"event_type":"dns","src_ip":"192.168.56.151","src_port":63527,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":63073,"rrname":"s2.symcb.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-01T05:23:26.174762+0000","flow_id":1726489037746642,"pcap_cnt":274,"event_type":"fileinfo","src_ip":"192.168.56.151","src_port":49201,"dest_ip":"23.214.174.91","dest_port":80,"proto":"TCP","http":{"hostname":"go.microsoft.com","url":"\/fwlink\/?LinkID=109572&clcid=0x409","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/fwlink\/","gaps":false,"state":"CLOSED","stored":false,"size":1814,"tx_id":0}}
{"timestamp":"2018-11-01T05:23:26.174915+0000","flow_id":1726489037746642,"pcap_cnt":275,"event_type":"http","src_ip":"192.168.56.151","src_port":49201,"dest_ip":"23.214.174.91","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"go.microsoft.com","url":"\/fwlink\/?LinkID=109572&clcid=0x409","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT"}}
{"timestamp":"2018-11-01T05:23:26.183411+0000","flow_id":1948805134857854,"pcap_cnt":278,"event_type":"fileinfo","src_ip":"52.178.147.240","src_port":80,"dest_ip":"192.168.56.151","dest_port":49198,"proto":"TCP","http":{"hostname":"dmd.metaservices.microsoft.com","url":"\/dms\/metadata.svc","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_content_type":"text\/xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":1730},"app_proto":"http","fileinfo":{"filename":"\/dms\/metadata.svc","gaps":false,"state":"CLOSED","stored":false,"size":1730,"tx_id":1}}
{"timestamp":"2018-11-01T05:23:26.183484+0000","flow_id":1948805134857854,"pcap_cnt":279,"event_type":"alert","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2025275,"rev":1,"signature":"ET INFO Windows OS Submitting USB Metadata to Microsoft","category":"Misc activity","severity":3},"app_proto":"http"}
{"timestamp":"2018-11-01T05:23:26.188107+0000","flow_id":378135594784865,"pcap_cnt":284,"event_type":"http","src_ip":"192.168.56.151","src_port":49200,"dest_ip":"8.253.190.121","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"ctldl.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab?5862399f89b790cd","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2018-11-01T05:23:26.636428+0000","flow_id":891306877270938,"pcap_cnt":285,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.151","dest_port":63527,"proto":"UDP","dns":{"type":"answer","id":63073,"rcode":"NOERROR","rrname":"s2.symcb.com","rrtype":"A","ttl":300,"rdata":"23.37.43.27"}}
{"timestamp":"2018-11-01T05:23:26.636567+0000","flow_id":1948805134857854,"pcap_cnt":288,"event_type":"http","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","tx_id":2,"http":{"hostname":"dmd.metaservices.microsoft.com","url":"\/dms\/metadata.svc","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_content_type":"text\/xml"}}
{"timestamp":"2018-11-01T05:23:26.636567+0000","flow_id":1948805134857854,"pcap_cnt":288,"event_type":"fileinfo","src_ip":"192.168.56.151","src_port":49198,"dest_ip":"52.178.147.240","dest_port":80,"proto":"TCP","http":{"hostname":"dmd.metaservices.microsoft.com","url":"\/dms\/metadata.svc","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_content_type":"text\/xml","http_method":"POST","protocol":"HTTP\/1.1","status":200,"length":1730},"app_proto":"http","fileinfo":{"filename":"\/dms\/metadata.svc","gaps":false,"state":"CLOSED","stored":false,"size":1814,"tx_id":2}}
{"timestamp":"2018-11-01T05:23:26.777893+0000","flow_id":186696017569222,"pcap_cnt":301,"event_type":"http","src_ip":"192.168.56.151","src_port":49202,"dest_ip":"23.214.174.91","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"go.microsoft.com","url":"\/fwlink\/?LinkID=109572&clcid=0x409","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT"}}
{"timestamp":"2018-11-01T05:23:26.777893+0000","flow_id":186696017569222,"pcap_cnt":301,"event_type":"fileinfo","src_ip":"192.168.56.151","src_port":49202,"dest_ip":"23.214.174.91","dest_port":80,"proto":"TCP","http":{"hostname":"go.microsoft.com","url":"\/fwlink\/?LinkID=109572&clcid=0x409","http_user_agent":"MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/fwlink\/","gaps":false,"state":"CLOSED","stored":false,"size":1194,"tx_id":0}}
{"timestamp":"2018-11-01T05:23:27.155677+0000","flow_id":984258559538842,"pcap_cnt":304,"event_type":"http","src_ip":"192.168.56.151","src_port":49203,"dest_ip":"23.37.43.27","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"s2.symcb.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD%2BOyl%2B0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCED141%2Fl2SWCyYX308B7Khio%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2018-11-01T05:23:27.298387+0000","flow_id":83659752181139,"pcap_cnt":306,"event_type":"dns","src_ip":"192.168.56.151","src_port":55800,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":50942,"rrname":"sv.symcd.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-01T05:23:27.748806+0000","flow_id":83659752181139,"pcap_cnt":307,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.151","dest_port":55800,"proto":"UDP","dns":{"type":"answer","id":50942,"rcode":"NOERROR","rrname":"sv.symcd.com","rrtype":"A","ttl":300,"rdata":"23.37.43.27"}}
{"timestamp":"2018-11-01T05:23:28.114959+0000","flow_id":552081770378930,"pcap_cnt":315,"event_type":"http","src_ip":"192.168.56.151","src_port":49204,"dest_ip":"23.37.43.27","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"sv.symcd.com","url":"\/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQe6LNDJdqx%2BJOp7hVgTeaGFJ%2FCQgQUljtT8Hkzl699g%2B8uK8zKt4YecmYCEBuN56dlW1Lzehhu%2FtdSD3U%3D","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/ocsp-response"}}
{"timestamp":"2018-11-01T05:23:33.014852+0000","flow_id":2147700775926276,"pcap_cnt":316,"event_type":"dns","src_ip":"192.168.56.151","src_port":55824,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":64468,"rrname":"bit.ly","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-01T05:23:33.328054+0000","flow_id":2147700775926276,"pcap_cnt":317,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.151","dest_port":55824,"proto":"UDP","dns":{"type":"answer","id":64468,"rcode":"NOERROR","rrname":"bit.ly","rrtype":"A","ttl":300,"rdata":"67.199.248.10"}}
{"timestamp":"2018-11-01T05:23:34.703297+0000","flow_id":1197495096360988,"pcap_cnt":327,"event_type":"http","src_ip":"192.168.56.151","src_port":49205,"dest_ip":"67.199.248.10","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"bit.ly","url":"\/2OYxGR3","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2018-11-01T05:23:34.729643+0000","flow_id":642271789064747,"pcap_cnt":328,"event_type":"dns","src_ip":"192.168.56.151","src_port":58453,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":49628,"rrname":"541097.directmailermarketing.com","rrtype":"A","tx_id":0}}
{"timestamp":"2018-11-01T05:23:35.112642+0000","flow_id":642271789064747,"pcap_cnt":329,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"192.168.56.151","dest_port":58453,"proto":"UDP","dns":{"type":"answer","id":49628,"rcode":"NOERROR","rrname":"541097.directmailermarketing.com","rrtype":"A","ttl":3600,"rdata":"85.143.172.183"}}
{"timestamp":"2018-11-01T05:23:35.534550+0000","flow_id":1502334695232973,"pcap_cnt":339,"event_type":"http","src_ip":"192.168.56.151","src_port":49208,"dest_ip":"85.143.172.183","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"541097.directmailermarketing.com","url":"\/randomlink\/709826709","http_user_agent":"Mozilla\/5.0 (Windows NT 6.1; WOW64; Trident\/7.0; rv:11.0) like Gecko","http_content_type":"text\/html"}}
{"timestamp":"2018-11-01T05:23:35.540896+0000","flow_id":1968935647264992,"pcap_cnt":340,"event_type":"dns","src_ip":"192.168.56.151","src_port":63295,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":17722,"rrname":"directmailermarketing.com","rrtype":"A","tx_id":0}}
{"timesta



	
	This file has been truncated. Go here to download in full.
	



	

	
	unified2.alert.1571672553 - (5835 bytes) - download

	 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89 4[ÚÌ¹1ç;À¨84²ðÀ.P©[ÚÌ[ÚÌ¹1E÷À¨84²ðÀ.PPÔPOST /dms/metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 2392
Host: dmd.metaservices.microsoft.com

4[ÚÍ
ç;À¨84²ðÀ.P©[ÚÍ[ÚÍ
E÷À¨84²ðÀ.PP×POST /dms/metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1276
Host: dmd.metaservices.microsoft.com

N[ÚÍ[ÚÍ
2E$óòÀ¨84²ðÀ.PPæ«ÿþ<?xml version="1.0" encoding="UTF-16"?><s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"><s:Header><h:cd xmlns:h="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms"><h:cv>6.1.7601</h:cv><h:cc>USA</h:cc></h:cd></s:Header><s:Body><DeviceMetadataBatchRequest xmlns="http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms"><LocList><loc>en-us</loc><loc>en</loc></LocList><MIDRequests></MIDRequests><HWIDRequests><gdmdhwid><rid>1</rid><hwids><hwid>DOID:Monitor\Default_Monitor</hwid><hwid>DOID:AnyDevice</hwid></hwids></gdmdhwid></HWIDRequests></DeviceMetadataBatchRequest></s:Body></s:Envelope>4[ÚÎÌ¼ç;À¨84²ðÀ.P©[ÚÎ[ÚÎÌ¼E÷À¨84²ðÀ.PP{ÝPOST /dms/metadata.svc HTTP/1.1
Connection: Keep-Alive
Content-Type: text/xml; charset="UTF-16LE"
User-Agent: MICROSOFT_DEVICE_METADATA_RETRIEVAL_CLIENT
SOAPAction: "http://schemas.microsoft.com/windowsmetadata/services/2007/09/18/dms/DeviceMetadataService/GetDeviceMetadata"
Content-Length: 1814
Host: dmd.metaservices.microsoft.com

4[ÚÙG¶À¨8øe5g[ÚÙ[ÚÙGK
'
'ÁmE=,ÐÀ¨8øe5)híÓoriginalliretk4[ÚÛ3õ¶
À¨8-#¾À<Ph[ÚÛ[ÚÛ3õLE>ÕGÀ¨8-#¾À<PP@äGET /index/?5031540415715 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: originallire.tk
Connection: Keep-Alive
DNT: 1

4[ÚÛ
Ýî¶
À¨8-#¾À<P[ÚÛ[ÚÛ
ÝîäEÖÔ¯À¨8-#¾À<PP¿ÙGET /?number=04-81-68-20-78&lang=fr HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Cookie: 00831=%7B%22streams%22%3A%7B%225797%22%3A1541049687%7D%2C%22campaigns%22%3A%7B%22671%22%3A1541049687%7D%2C%22time%22%3A1541049687%7D
Host: originallire.tk
Connection: Keep-Alive
DNT: 1

4[ÚÜmÀ¶
À¨8-#¾À<PF[ÚÜ[ÚÜmÀ*EÔiÀ¨8-#¾À<PPÒÕGET /include/ie/defender.png HTTP/1.1
Accept: image/png, image/svg+xml, image/*;q=0.8, */*;q=0.5
Referer: http://originallire.tk/?number=04-81-68-20-78&lang=fr
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: originallire.tk
DNT: 1
Connection: Keep-Alive
Cookie: 00831=%7B%22streams%22%3A%7B%225797%22%3A1541049687%7D%2C%22campaigns%22%3A%7B%22671%22%3A1541049687%7D%2C%22time%22%3A1541049687%7D

4[Úè
Y¶
À¨8-#¾À<PN[Úè[Úè
Y2E$ÔaÀ¨8-#¾À<PP2GET /include/fr.mp3 HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept: */*
Referer: http://originallire.tk/?number=04-81-68-20-78&lang=fr
GetContentFeatures.DLNA.ORG: 1
Pragma: getIfoFileURI.dlna.org
Accept-Language: en-US
Accept-Encoding: gzip, deflate
Host: originallire.tk
DNT: 1
Connection: Keep-Alive
Cookie: 00831=%7B%22streams%22%3A%7B%225797%22%3A1541049687%7D%2C%22campaigns%22%3A%7B%22671%22%3A1541049687%7D%2C%22time%22%3A1541049687%7D

4	[Úè¶
À¨8-#¾À;P³	[Úè[ÚèEÔüÀ¨8-#¾À;PP#GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: originallire.tk
DNT: 1
Connection: Keep-Alive
Cookie: 00831=%7B%22streams%22%3A%7B%225797%22%3A1541049687%7D%2C%22campaigns%22%3A%7B%22671%22%3A1541049687%7D%2C%22time%22%3A1541049687%7D



	



	

	
	keyword_perf.log - (13151 bytes) - download

	  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113   --------------------------------------------------------------------------------------------------------------------------------
  Date: 10/21/2019 -- 15:42:34
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             6755856         1139            1139            65178           5931.00         5931.00         0.00           
  content          26409500        3791            1450            431584          6966.00         7734.00         6490.00        
  pcre             4015262         384             91              135002          10456.00        10791.00        10352.00       
  byte_test        1320904         236             96              25088           5597.00         6265.00         5138.00        
  byte_jump        115798          18              11              17998           6433.00         5715.00         7561.00        
  isdataat         169154          30              0               22612           5638.00         0.00            5638.00        
  flowbits         99840           14              1               22652           7131.00         16428.00        6416.00        
  urilen           1286310         220             82              26824           5846.00         5776.00         5888.00        
  byte_extract     476142          74              74              33632           6434.00         6434.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             6755856         1139            1139            65178           5931.00         5931.00         0.00           
  flowbits         83412           13              0               22652           6416.00         0.00            6416.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15762394        2288            629             431584          6889.00         8034.00         6455.00        
  pcre             1360328         155             11              135002          8776.00         9528.00         8718.00        
  byte_test        1320904         236             96              25088           5597.00         6265.00         5138.00        
  byte_jump        110140          17              10              17998           6478.00         5721.00         7561.00        
  isdataat         139914          24              0               22612           5829.00         0.00            5829.00        
  byte_extract     476142          74              74              33632           6434.00         6434.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         16428           1               1               16428           16428.00        16428.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1520788         236             112             30008           6444.00         6035.00         6812.00        
  pcre             1307580         105             10              67048           12453.00        16408.00        12036.00       
  isdataat         29240           6               0               5642            4873.00         0.00            4873.00        
  urilen           1286310         220             82              26824           5846.00         5776.00         5888.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          92222           17              0               7326            5424.00         0.00            5424.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          790920          32              8               148300          24716.00        82266.00        5533.00        
  pcre             103330          7               0               30020           14761.00        0.00            14761.00       
  byte_jump        5658            1               1               5658            5658.00         5658.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          6287240         933             582             54472           6738.00         6910.00         6453.00        
  pcre             1069322         97              50              34532           11023.00        10767.00        11296.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          994348          121             41              86996           8217.00         8142.00         8256.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          96114           16              16              7600            6007.00         6007.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          109374          20              5               6658            5468.00         5712.00         5387.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          532012          89              37              25036           5977.00         6336.00         5722.00        
  pcre             174702          20              20              22798           8735.00         8735.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_host
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          86584           15              15              7194            5772.00         5772.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          110802          19              5               13054           5831.00         5316.00         6015.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26702           5               0               6674            5340.00         0.00            5340.00        



	



	

	
	suricata-4.0.0-etpro-all-perf.txt-2019-10-21-T-15-42-34-10212019.1542-b41414ea24b69083a0a15422fd187d14aeecfab6a900538da0484cdab363c993_network.pcap.txt - (51671 bytes) - download

	  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130   --------------------------------------------------------------------------
  Date: 10/21/2019 -- 15:42:34. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2822213      1        2        6116486      4.98   36       0        697938      169902.39   0.00        169902.39  
  2        2021749      1        6        6999200      5.70   23       0        681392      304313.04   0.00        304313.04  
  3        2814978      1        2        6509196      5.30   38       0        660068      171294.63   0.00        171294.63  
  4        2018457      1        1        2134062      1.74   31       0        520558      68840.71    0.00        68840.71   
  5        2020661      1        3        1184756      0.96   16       0        495830      74047.25    0.00        74047.25   
  6        2018005      1        6        3479328      2.83   36       0        440418      96648.00    0.00        96648.00   
  7        2809256      1        3        437932       0.36   2        0        432452      218966.00   0.00        218966.00  
  8        2021701      1        1        445018       0.36   5        0        424434      89003.60    0.00        89003.60   
  9        2819664      1        2        720020       0.59   3        0        351958      240006.67   0.00        240006.67  
  10       2814979      1        2        6105742      4.97   38       0        345654      160677.42   0.00        160677.42  
  11       2819930      1        2        695810       0.57   3        0        309466      231936.67   0.00        231936.67  
  12       2021529      1        3        269946       0.22   1        0        269946      269946.00   0.00        269946.00  
  13       2100540      1        12       646566       0.53   71       0        210278      9106.56     0.00        9106.56    
  14       2020295      1        6        773402       0.63   10       0        174852      77340.20    0.00        77340.20   
  15       2025064      1        5        787200       0.64   10       0        152708      78720.00    0.00        78720.00   
  16       2022480      1        2        308120       0.25   4        0        133164      77030.00    0.00        77030.00   
  17       2815254      1        7        963410       0.78   10       0        133036      96341.00    0.00        96341.00   
  18       2816910      1        2        1065670      0.87   10       0        128226      106567.00   0.00        106567.00  
  19       2825063      1        2        568056       0.46   10       0        125576      56805.60    0.00        56805.60   
  20       2816909      1        2        1000000      0.81   10       0        124270      100000.00   0.00        100000.00  
  21       2828060      1        4        567272       0.46   9        0        119720      63030.22    0.00        63030.22   
  22       2816895      1        2        516190       0.42   7        0        119052      73741.43    0.00        73741.43   
  23       2814570      1        4        462930       0.38   5        0        116418      92586.00    0.00        92586.00   
  24       2022466      1        5        113976       0.09   1        0        113976      113976.00   0.00        113976.00  
  25       2020496      1        2        1083006      0.88   17       0        111896      63706.24    0.00        63706.24   
  26       2816927      1        3        720970       0.59   10       0        107462      72097.00    0.00        72097.00   
  27       2014701      1        12       1194980      0.97   48       0        105068      24895.42    0.00        24895.42   
  28       2816940      1        2        941924       0.77   10       0        104916      94192.40    0.00        94192.40   
  29       2816925      1        3        566840       0.46   10       0        104902      56684.00    0.00        56684.00   
  30       2016537      1        2        2359372      1.92   72       0        103404      32769.06    0.00        32769.06   
  31       2021248      1        7        658346       0.54   16       0        103120      41146.62    0.00        41146.62   
  32       2023818      1        2        102274       0.08   1        1        102274      102274.00   102274.00   0.00       
  33       2816356      1        2        839578       0.68   13       0        102162      64582.92    0.00        64582.92   
  34       2022502      1        4        1244204      1.01   21       0        100942      59247.81    0.00        59247.81   
  35       2821839      1        2        533468       0.43   7        0        98460       76209.71    0.00        76209.71   
  36       2816928      1        3        690072       0.56   10       0        98224       69007.20    0.00        69007.20   
  37       2816931      1        3        575194       0.47   10       0        97242       57519.40    0.00        57519.40   
  38       2018010      1        5        339524       0.28   7        0        97160       48503.43    0.00        48503.43   
  39       2816802      1        2        335514       0.27   6        0        94116       55919.00    0.00        55919.00   
  40       2017552      1        6        3155268      2.57   100      0        93782       31552.68    0.00        31552.68   
  41       2824408      1        2        544354       0.44   10       0        93724       54435.40    0.00        54435.40   
  42       2828986      1        2        479052       0.39   8        0        93452       59881.50    0.00        59881.50   
  43       2820851      1        5        681950       0.56   10       0        92610       68195.00    0.00        68195.00   
  44       2021418      1        9        92106        0.07   1        0        92106       92106.00    0.00        92106.00   
  45       2024140      1        2        315808       0.26   6        0        91470       52634.67    0.00        52634.67   
  46       2007880      1        7        520258       0.42   11       0        91298       47296.18    0.00        47296.18   
  47       2821014      1        13       91158        0.07   1        0        91158       91158.00    0.00        91158.00   
  48       2823169      1        2        90718        0.07   1        0        90718       90718.00    0.00        90718.00   
  49       2019094      1        5        90652        0.07   1        0        90652       90652.00    0.00        90652.00   
  50       2022609      1        2        90256        0.07   1        0        90256       90256.00    0.00        90256.00   
  51       2804907      1        3        119692       0.10   7        0        89886       17098.86    0.00        17098.86   
  52       2804927      1        2        114790       0.09   6        0        89828       19131.67    0.00        19131.67   
  53       2024771      1        1        1871326      1.52   98       0        89584       19095.16    0.00        19095.16   
  54       2807970      1        8        89308        0.07   1        0        89308       89308.00    0.00        89308.00   
  55       2829848      1        2        456974       0.37   8        0        88204       57121.75    0.00        57121.75   
  56       2816929      1        4        704606       0.57   10       0        87882       70460.60    0.00        70460.60   
  57       2816165      1        5        1414988      1.15   28       0        87778       50535.29    0.00        50535.29   
  58       2816327      1        4        681548       0.55   10       0        86496       68154.80    0.00        68154.80   
  59       2815481      1        6        83668        0.07   1        0        83668       83668.00    0.00        83668.00   
  60       2025275      1        1        417382       0.34   7        3        83006       59626.00    74434.00    48520.00   
  61       2814472      1        4        383100       0.31   5        0        82564       76620.00    0.00        76620.00   
  62       2812614      1        2        82416        0.07   1        0        82416       82416.00    0.00        82416.00   
  63       2021267      1        2        500618       0.41   16       0        82386       31288.62    0.00        31288.62   
  64       2021413      1        2        82326        0.07   1        0        82326       82326.00    0.00        82326.00   
  65       2816922      1        5        594498       0.48   10       0        82320       59449.80    0.00        59449.80   
  66       2021266      1        2        540742       0.44   16       0        81310       33796.38    0.00        33796.38   
  67       2823663      1        3        296356       0.24   6        0        79164       49392.67    0.00        49392.67   
  68       2018789      1        3        541326       0.44   38       0        79030       14245.42    0.00        14245.42   
  69       2024139      1        2        304188       0.25   6        0        78998       50698.00    0.00        50698.00   
  70       2822979      1        3        78888        0.06   1        0        78888       78888.00    0.00        78888.00   
  71       2012612      1        16       545024       0.44   12       0        78728       45418.67    0.00        45418.67   
  72       2819673      1        4        575194       0.47   10       0        78580       57519.40    0.00        57519.40   
  73       2809363      1        3        77662        0.06   1        0        77662       77662.00    0.00        77662.00   
  74       2801929      1        7        148424       0.12   6        0        77644       24737.33    0.00        24737.33   
  75       2816831      1        2        300712       0.24   6        0        77450       50118.67    0.00        50118.67   
  76       2816525      1        10       593294       0.48   10       0        77054       59329.40    0.00        59329.40   
  77       2823855      1        7        320742       0.26   6        0        76170       53457.00    0.00        53457.00   
  78       2806659      1        4        505748       0.41   11       0        75526       45977.09    0.00        45977.09   
  79       2826256      1        2        1133172      0.92   28       0        75364       40470.43    0.00        40470.43   
  80       2816857      1        2        433932       0.35   10       0        75240       43393.20    0.00        43393.20   
  81       2017261      1        3        75124        0.06   1        0        75124       75124.00    0.00        75124.00   
  82       2012810      1        10       310418       0.25   5        5        74958       62083.60    62083.60    0.00       
  83       2827279      1        5        1170434      0.95   28       0        74648       41801.21    0.00        41801.21   
  84       2816930      1        4        540884       0.44   10       0        74252       54088.40    0.00        54088.40   
  85       2015781      1        2        336288       0.27   6        0        74120       56048.00    0.00        56048.00   
  86       2815817      1        5        550362       0.45   10       0        73256       55036.20    0.00        55036.20   
  87       2827575      1        2        540692       0.44   10       0        72106       54069.20    0.00        54069.20   
  88       2023916      1        2        71782        0.06   1        0        71782       71782.00    0.00        71782.00   
  89       2024134      1        2        303204       0.25   6        0        71470       50534.00    0.00        50534.00   
  90       2830124      1        1        71460        0.06   1        0        71460       71460.00    0.00        71460.00   
  91       2809850      1        2        545164       0.44   11       0        71024       49560.36    0.00        49560.36   
  92       2024135      1        2        289448       0.24   6        0        70958       48241.33    0.00        48241.33   
  93       2828008      1        2        1108338      0.90   28       0        70310       39583.50    0.00        39583.50   
  94       2816328      1        5        473788       0.39   10       0        70110       47378.80    0.00        47378.80   
  95       2801930      1        7        155806       0.13   6        0        69928       25967.67    0.00        25967.67   
  96       2024141      1        2        291724       0.24   6        0        69726       48620.67    0.00        48620.67   
  97       2804911      1        3        73448        0.06   2        0        68956       36724.00    0.00        36724.00   
  98       2821615      1        2        1449060      1.18   28       0        68634       51752.14    0.00        51752.14   
  99       2020780      1        2        67600        0.06   1        0        67600       67600.00    0.00        67600.00   
  100      2022901      1        2        67500        0.05   1        0        67500       67500.00    0.00        67500.00   
  101      2820592      1        3        270640       0.22   6        0        67366       45106.67    0.00        45106.67   
  102      2821471      1        2        67288        0.05   1        0        67288       67288.00    0.00        67288.00   
  103      2823077      1        4        207442       0.17   4        0        66874       51860.50    0.00        51860.50   
  104      2830036      1        1        813492       0.66   19       0        66756       42815.37    0.00        42815.37   
  105      2815886      1        2        236496       0.19   5        0        66612       47299.20    0.00        47299.20   
  106      2017567      1        3        299030       0.24   6        0        65208       49838.33    0.00        49838.33   
  107      2025162      1        2        64644        0.05   1        0        64644       64644.00    0.00        64644.00   
  108      2827580      1        7        277382       0.23   7        0        63838       39626.00    0.00        39626.00   
  109      2803760      1        3        752996       0.61   24       0        63586       31374.83    0.00        31374.83   
  110      2016726      1        6        332764       0.27   6        0        63416       55460.67    0.00        55460.67   
  111      2828823      1        2        247574       0.20   5        0        63236       49514.80    0.00        49514.80   
  112      2816526      1        13       477886       0.39   10       0        63150       47788.60    0.00        47788.60   
  113      2803027      1        6        98052        0.08   8        0        63120       12256.50    0.00        12256.50   
  114      2021071      1        2        62310        0.05   1        0        62310       62310.00    0.00        62310.00   
  115      2014380      1        4        461704       0.38   14       0        62126       32978.86    0.00        32978.86   
  116      2024601      1        2        553262       0.45   10       0        61408       55326.20    0.00        55326.20   
  117      2826281      1        2        708686       0.58   24       0        61030       29528.58    0.00        29528.58   
  118      2816924      1        4        483728       0.39   10       0        60750       48372.80    0.00        48372.80   
  119      2019230      1        2        718472       0.58   40       0        60732       17961.80    0.00        17961.80   
  120      2811577      1        2        659092       0.54   40       0        60508       16477.30    0.00        16477.30   
  121      2811740      1        2        416126       0.34   10       0        59722       41612.60    0.00        41612.60   
  122      2825027      1        3        244126       0.20   6        0        59548       40687.67    0.00        40687.67   
  123      2024606      1        2        59490        0.05   1        0        59490       59490.00    0.00        59490.00   
  124      2815664      1        3        59440        0.05   1        0        59440       59440.00    0.00        59440.00   
  125      2828190      1        2        



	
	This file has been truncated. Go here to download in full.
	



	

	
	IDSDeathBlossom.py.log - (1212 bytes) - download

	1
2
3
4
5
6
7
8 2019-10-21 15:42:08,345 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-10-21 15:42:09,219 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-10-21 15:42:09,220 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-10-21 15:42:09,220 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-10-21 15:42:09,220 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-10-21 15:42:09,220 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/732bc867391901227a8411a0b0755cb156b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10212019.1542-b41414ea24b69083a0a15422fd187d14aeecfab6a900538da0484cdab363c993_network.pcap -vvv -k none
2019-10-21 15:42:34,355 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-10-21 15:42:34,356 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 26.0207638741
Logfiles
