Filename: eternalblue-failed-patched-win7.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etopen-all
Runtime: 9.24477696419 seconds
Hash: 76fc9162be1778bd0b388c9911eabbed
Uploaded: 1558525804

Logfiles


packet_stats.log - (8192 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             5          1610667        2599271       2255278         11.3m    2.07
 IPv4       2             5         18491215       19541087      18986917         94.9m   17.42
 IPv4      17            54          2002002       20312570       8126647        438.8m   80.51
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             5            81932         139083         94892        474.5k    2.43
TMM_FLOWWORKER              IPv4       2             5            71802        8785322       1821218          9.1m   46.73
TMM_FLOWWORKER              IPv4      17            54           127177         362565        175781          9.5m   48.71
TMM_RECEIVEPCAPFILE         IPv4       1             5             2612           2826          2761         13.8k    0.07
TMM_RECEIVEPCAPFILE         IPv4       2             5             2772          20605          6370         31.9k    0.16
TMM_RECEIVEPCAPFILE         IPv4      17            54             2551           8728          3017        162.9k    0.84
TMM_DECODEPCAPFILE          IPv4       1             5             2707          19767          6262         31.3k    0.16
TMM_DECODEPCAPFILE          IPv4       2             5             2685           3468          3106         15.5k    0.08
TMM_DECODEPCAPFILE          IPv4      17            54             2694           5680          2954        159.5k    0.82

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4      17            54             2676           9578          3336        180.2k  0.98  
app-layer               IPv4      17            54             2523          22044          3724        201.1k  1.09  
detect                  IPv4       1             5            76447         133513         89372        446.9k  2.43  
detect                  IPv4       2             5            66279        8773101       1814211          9.1m  49.31 
detect                  IPv4      17            54           110125         341747        157353          8.5m  46.19 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
Proto detect            IPv4      17             6             3087          15240          5763         34.6k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             5             3045          15984          5743        28.7k  6.15  
payload                           IPv4      17            54             3396          76138          8112       438.1k  93.85 
Total                             IPv4                    59                                          7911       466.8k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             5            18640          51950         25513        127.6k  1.42  
PROF_DETECT_IPONLY          IPv4       2             5            18675          41510         25572        127.9k  1.42  
PROF_DETECT_IPONLY          IPv4      17             7            18811          38631         24887        174.2k  1.93  
PROF_DETECT_RULES           IPv4       1             5             2540           2815          2603         13.0k  0.14  
PROF_DETECT_RULES           IPv4       2             5             2549           2833          2697         13.5k  0.15  
PROF_DETECT_RULES           IPv4      17            54            49799         197161         85488          4.6m  51.22 
PROF_DETECT_STATEFUL_CONT    IPv4       1             5             2529           2709          2596         13.0k  0.14  
PROF_DETECT_STATEFUL_CONT    IPv4       2             5             2520           3041          2640         13.2k  0.15  
PROF_DETECT_STATEFUL_CONT    IPv4      17            54             2511           3634          2762        149.2k  1.65  
PROF_DETECT_PREFILTER       IPv4       1             5            18817          36289         22609        113.0k  1.25  
PROF_DETECT_PREFILTER       IPv4       2             5             7906          15157         10141         50.7k  0.56  
PROF_DETECT_PREFILTER       IPv4      17            54            24136         100475         31854          1.7m  19.08 
PROF_DETECT_PF_PAYLOAD      IPv4       1             5             8246          22007         11098         55.5k  0.62  
PROF_DETECT_PF_PAYLOAD      IPv4      17            54             8504          81544         13352        721.0k  8.00  
PROF_DETECT_PF_SORT1        IPv4      17            54             2680           4590          3175        171.5k  1.90  
PROF_DETECT_PF_SORT2        IPv4       1             5             2522           2795          2653         13.3k  0.15  
PROF_DETECT_PF_SORT2        IPv4       2             5             2545           2860          2662         13.3k  0.15  
PROF_DETECT_PF_SORT2        IPv4      17            54             2555           3533          2696        145.6k  1.62  
PROF_DETECT_NONMPMLIST      IPv4       1             5             2547           2934          2679         13.4k  0.15  
PROF_DETECT_NONMPMLIST      IPv4       2             5             2539           2820          2724         13.6k  0.15  
PROF_DETECT_NONMPMLIST      IPv4      17            54             2523           3371          2709        146.3k  1.62  
PROF_DETECT_ALERT           IPv4       1             5             2540           2593          2555         12.8k  0.14  
PROF_DETECT_ALERT           IPv4       2             5             2539           4091          2868         14.3k  0.16  
PROF_DETECT_ALERT           IPv4      17            54             2538           3264          2649        143.1k  1.59  
PROF_DETECT_CLEANUP         IPv4       1             5             2523           2564          2535         12.7k  0.14  
PROF_DETECT_CLEANUP         IPv4       2             5             2535           3564          2806         14.0k  0.16  
PROF_DETECT_CLEANUP         IPv4      17            54             2529           7848          2941        158.9k  1.76  
PROF_DETECT_GETSGH          IPv4       1             5             2538           2798          2655         13.3k  0.15  
PROF_DETECT_GETSGH          IPv4       2             5             2617           2838          2762         13.8k  0.15  
PROF_DETECT_GETSGH          IPv4      17            54             2523          19760          3800        205.2k  2.28  


suricata-4.0.0-etopen-all-perf.txt-2019-05-22-T-11-50-14-05172019.1120-eternalblue-failed-patched-win7.pcap.txt - (5206 bytes)
  --------------------------------------------------------------------------
  Date: 5/22/2019 -- 11:50:14. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2010140      1        7        245036       11.51  54       0        62672       4537.70     0.00        4537.70    
  2        2100518      1        8        70205        3.30   15       0        33189       4680.33     0.00        4680.33    
  3        2022973      1        1        31443        1.48   1        0        31443       31443.00    0.00        31443.00   
  4        2023624      1        3        157198       7.38   50       0        25779       3143.96     0.00        3143.96    
  5        2019010      1        3        41744        1.96   15       0        4555        2782.93     0.00        2782.93    
  6        2019011      1        3        40927        1.92   15       0        4161        2728.47     0.00        2728.47    
  7        2019016      1        3        40529        1.90   15       0        4019        2701.93     0.00        2701.93    
  8        2010143      1        3        147413       6.92   54       0        3973        2729.87     0.00        2729.87    
  9        2008120      1        4        137102       6.44   52       0        3875        2636.58     0.00        2636.58    
  10       2019017      1        3        40421        1.90   15       0        3638        2694.73     0.00        2694.73    
  11       2008118      1        3        89266        4.19   33       0        3612        2705.03     0.00        2705.03    
  12       2023627      1        3        128870       6.05   49       0        3575        2630.00     0.00        2630.00    
  13       2023613      1        3        53724        2.52   20       0        3568        2686.20     0.00        2686.20    
  14       2016178      1        2        6233         0.29   2        0        3509        3116.50     0.00        3116.50    
  15       2009702      1        5        3466         0.16   1        0        3466        3466.00     0.00        3466.00    
  16       2009243      1        2        88505        4.16   33       0        3435        2681.97     0.00        2681.97    
  17       2023625      1        3        90360        4.24   35       0        3371        2581.71     0.00        2581.71    
  18       2023626      1        3        137637       6.46   53       0        3343        2596.92     0.00        2596.92    
  19       2008116      1        4        39297        1.85   15       0        3270        2619.80     0.00        2619.80    
  20       2023619      1        3        52080        2.45   20       0        3258        2604.00     0.00        2604.00    
  21       2102257      1        10       6047         0.28   2        0        3234        3023.50     0.00        3023.50    
  22       2013739      1        15       3216         0.15   1        0        3216        3216.00     0.00        3216.00    
  23       2016181      1        2        5955         0.28   2        0        3177        2977.50     0.00        2977.50    
  24       2010142      1        4        140089       6.58   54       0        3149        2594.24     0.00        2594.24    
  25       2023623      1        3        123368       5.79   48       0        3113        2570.17     0.00        2570.17    
  26       2016179      1        2        5940         0.28   2        0        3109        2970.00     0.00        2970.00    
  27       2014703      1        9        3102         0.15   1        0        3102        3102.00     0.00        3102.00    
  28       2008117      1        3        38897        1.83   15       0        3037        2593.13     0.00        2593.13    
  29       2014701      1        12       2999         0.14   1        0        2999        2999.00     0.00        2999.00    
  30       2014702      1        9        2991         0.14   1        0        2991        2991.00     0.00        2991.00    
  31       2023612      1        4        5460         0.26   2        0        2918        2730.00     0.00        2730.00    
  32       2023622      1        3        126031       5.92   49       0        2911        2572.06     0.00        2572.06    
  33       2023615      1        3        2875         0.14   1        0        2875        2875.00     0.00        2875.00    
  34       2023617      1        3        5416         0.25   2        0        2814        2708.00     0.00        2708.00    
  35       2023618      1        3        2634         0.12   1        0        2634        2634.00     0.00        2634.00    
  36       2023614      1        3        5080         0.24   2        0        2544        2540.00     0.00        2540.00    
  37       2023620      1        3        7603         0.36   3        0        2538        2534.33     0.00        2534.33    


suricata-report-2019-05-22-T-11-50-14-05172019.1120-eternalblue-failed-patched-win7.pcap.txt - (18003 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/76fc9162be1778bd0b388c9911eabbedd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05172019.1120-eternalblue-failed-patched-win7.pcap -vvv -k none
elapsedtime:8.321683
stderr:
stdout:
22/5/2019 -- 11:50:05 - <Info> - Configuration node 'rule-files' redefined.
22/5/2019 -- 11:50:05 - <Notice> - This is Suricata version 4.0.0 RELEASE
22/5/2019 -- 11:50:05 - <Info> - CPUs/cores online: 1
22/5/2019 -- 11:50:05 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 32088 and 'request-body-inspect-window' set to 16183 after randomization.
22/5/2019 -- 11:50:05 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 34350 and 'response-body-inspect-window' set to 16116 after randomization.
22/5/2019 -- 11:50:05 - <Config> - DNS request flood protection level: 500
22/5/2019 -- 11:50:05 - <Config> - DNS per flow memcap (state-memcap): 524288
22/5/2019 -- 11:50:05 - <Config> - DNS global memcap: 16777216
22/5/2019 -- 11:50:05 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
22/5/2019 -- 11:50:05 - <Config> - preallocated 1000 hosts of size 136
22/5/2019 -- 11:50:05 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
22/5/2019 -- 11:50:05 - <Config> - using magic-file /usr/share/file/magic
22/5/2019 -- 11:50:05 - <Config> - Core dump size is unlimited.
22/5/2019 -- 11:50:05 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
22/5/2019 -- 11:50:05 - <Config> - preallocated 1000 defrag trackers of size 168
22/5/2019 -- 11:50:05 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
22/5/2019 -- 11:50:05 - <Config> - stream "prealloc-sessions": 2048 (per thread)
22/5/2019 -- 11:50:05 - <Config> - stream "memcap": 33554432
22/5/2019 -- 11:50:05 - <Config> - stream "midstream" session pickups: disabled
22/5/2019 -- 11:50:05 - <Config> - stream "async-oneside": disabled
22/5/2019 -- 11:50:05 - <Config> - stream "checksum-validation": disabled
22/5/2019 -- 11:50:05 - <Config> - stream."inline": disabled
22/5/2019 -- 11:50:05 - <Config> - stream "bypass": disabled
22/5/2019 -- 11:50:05 - <Config> - stream "max-synack-queued": 5
22/5/2019 -- 11:50:05 - <Config> - stream.reassembly "memcap": 134217728
22/5/2019 -- 11:50:05 - <Config> - stream.reassembly "depth": 0
22/5/2019 -- 11:50:05 - <Config> - stream.reassembly "toserver-chunk-size": 2478
22/5/2019 -- 11:50:05 - <Config> - stream.reassembly "toclient-chunk-size": 2686
22/5/2019 -- 11:50:05 - <Config> - stream.reassembly.raw: enabled
22/5/2019 -- 11:50:05 - <Config> - stream.reassembly "segment-prealloc": 2048
22/5/2019 -- 11:50:05 - <Config> - Delayed detect disabled
22/5/2019 -- 11:50:05 - <Config> - pattern matchers: MPM: ac, SPM: bm
22/5/2019 -- 11:50:05 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
22/5/2019 -- 11:50:05 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
22/5/2019 -- 11:50:05 - <Config> - prefilter engines: MPM
22/5/2019 -- 11:50:05 - <Config> - IP reputation disabled
22/5/2019 -- 11:50:05 - <Perf> - Registered 148 keyword profiling counters.
22/5/2019 -- 11:50:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-ftp.rules
22/5/2019 -- 11:50:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-policy.rules
22/5/2019 -- 11:50:05 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-trojan.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-games.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-pop3.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-user_agents.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-activex.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-rpc.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-attack_response.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp.rules
22/5/2019 -- 11:50:07 - <Config> - No rules loaded from ET-emerging-icmp.rules.
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-scan.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-voip.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-chat.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-icmp_info.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-info.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-shellcode.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_client.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-imap.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_server.rules
22/5/2019 -- 11:50:07 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-current_events.rules
22/5/2019 -- 11:50:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-inappropriate.rules
22/5/2019 -- 11:50:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-smtp.rules
22/5/2019 -- 11:50:08 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-web_specific_apps.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-deleted.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-malware.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-snmp.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-worm.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dns.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-misc.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-sql.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-dos.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-netbios.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-telnet.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-exploit.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-p2p.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-tftp.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-emerging-mobile_malware.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-botcc.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-compromised.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-drop.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-dshield.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-tor.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/ET-ciarmy.rules
22/5/2019 -- 11:50:10 - <Config> - Loading rule file: /opt/suricata400/etc/etopen/local.rules
22/5/2019 -- 11:50:10 - <Config> - No rules loaded from local.rules.
22/5/2019 -- 11:50:10 - <Info> - 44 rule files processed. 18236 rules successfully loaded, 0 rules failed
22/5/2019 -- 11:50:10 - <Info> - Threshold config parsed: 0 rule(s) found
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for tcp-packet
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for tcp-stream
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for udp-packet
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for other-ip
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_uri
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_request_line
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_client_body
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_response_line
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_header
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_header
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_header_names
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_header_names
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_accept
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_accept_enc
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_accept_lang
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_referer
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_connection
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_content_len
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_content_len
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_content_type
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_content_type
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_protocol
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_protocol
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_start
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_start
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_raw_header
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_raw_header
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_method
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_cookie
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_cookie
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_raw_uri
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_user_agent
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_host
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_raw_host
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_stat_msg
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_stat_code
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for dns_query
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for tls_sni
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for tls_cert_issuer
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for tls_cert_subject
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for tls_cert_serial
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for dce_stub_data
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for dce_stub_data
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for ssh_protocol
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for ssh_protocol
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for ssh_software
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for ssh_software
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for file_data
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for file_data
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_request_line
22/5/2019 -- 11:50:10 - <Perf> - using shared mpm ctx' for http_response_line
22/5/2019 -- 11:50:10 - <Info> - 18241 signatures processed. 1175 are IP-only rules, 6125 are inspecting packet payload, 13172 inspect application layer, 0 are decoder event only
22/5/2019 -- 11:50:10 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
22/5/2019 -- 11:50:10 - <Perf> - TCP toserver: 41 port groups, 40 unique SGH's, 1 copies
22/5/2019 -- 11:50:10 - <Perf> - TCP toclient: 21 port groups, 21 unique SGH's, 0 copies
22/5/2019 -- 11:50:10 - <Perf> - UDP toserver: 41 port groups, 33 unique SGH's, 8 copies
22/5/2019 -- 11:50:10 - <Perf> - UDP toclient: 21 port groups, 15 unique SGH's, 6 copies
22/5/2019 -- 11:50:10 - <Perf> - OTHER toserver: 254 proto groups, 2 unique SGH's, 252 copies
22/5/2019 -- 11:50:10 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
22/5/2019 -- 11:50:12 - <Perf> - Unique rule groups: 111
22/5/2019 -- 11:50:12 - <Perf> - Builtin MPM "toserver TCP packet": 31
22/5/2019 -- 11:50:12 - <Perf> - Builtin MPM "toclient TCP packet": 20
22/5/2019 -- 11:50:12 - <Perf> - Builtin MPM "toserver TCP stream": 31
22/5/2019 -- 11:50:12 - <Perf> - Builtin MPM "toclient TCP stream": 21
22/5/2019 -- 11:50:12 - <Perf> - Builtin MPM "toserver UDP packet": 33
22/5/2019 -- 11:50:12 - <Perf> - Builtin MPM "toclient UDP packet": 15
22/5/2019 -- 11:50:12 - <Perf> - Builtin MPM "other IP packet": 2
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_uri": 8
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_request_line": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_client_body": 6
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient http_response_line": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_header": 6
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient http_header": 3
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_header_names": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_accept": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_referer": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_content_len": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_content_type": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient http_content_type": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_start": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_method": 3
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_cookie": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient http_cookie": 2
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_user_agent": 4
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver http_host": 2
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient http_stat_code": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver dns_query": 4
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver tls_sni": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toserver file_data": 1
22/5/2019 -- 11:50:12 - <Perf> - AppLayer MPM "toclient file_data": 5
22/5/2019 -- 11:50:12 - <Perf> - Registered 18241 rule profiling counters.
22/5/2019 -- 11:50:12 - <Info> - fast output device (regular) initialized: alert
22/5/2019 -- 11:50:12 - <Info> - eve-log output device (regular) initialized: eve.json
22/5/2019 -- 11:50:12 - <Config> - enabling 'eve-log' module 'alert'
22/5/2019 -- 11:50:12 - <Config> - enabling 'eve-log' module 'http'
22/5/2019 -- 11:50:12 - <Config> - enabling 'eve-log' module 'dns'
22/5/2019 -- 11:50:12 - <Config> - enabling 'eve-log' module 'tls'
22/5/2019 -- 11:50:12 - <Config> - enabling 'eve-log' module 'files'
22/5/2019 -- 11:50:12 - <Config> - enabling 'eve-log' module 'ssh'
22/5/2019 -- 11:50:12 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
22/5/2019 -- 11

This file has been truncated.


stats.log - (1928 bytes)
------------------------------------------------------------------------------------
Date: 5/22/2019 -- 11:50:14 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 82
decoder.bytes                              | Total                     | 9833
decoder.ipv4                               | Total                     | 64
decoder.ethernet                           | Total                     | 82
decoder.udp                                | Total                     | 54
decoder.icmpv4                             | Total                     | 5
decoder.avg_pkt_size                       | Total                     | 119
decoder.max_pkt_size                       | Total                     | 342
flow.udp                                   | Total                     | 6
detect.mpm_list                            | Total                     | 11
detect.match_list                          | Total                     | 11
app_layer.flow.failed_udp                  | Total                     | 6
flow_mgr.new_pruned                        | Total                     | 4
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65534
flow_mgr.rows_empty                        | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074880
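The stats.log above is worth reading before concluding that the IDS "missed" anything: of 82 frames, 64 are IPv4, and those split into 54 UDP, 5 ICMPv4 and 5 other; there is no decoder.tcp or flow.tcp row at all (zero-valued counters are not printed in this dump), and every one of the 6 UDP flows failed app-layer protocol detection. Since SMB, and therefore EternalBlue, runs over TCP/445, no SMB signature in etopen-all could have matched this capture regardless of the target being patched. The following is an added example, not IDSDeathBlossom or Suricata code, that parses a stats.log dump into counters and runs that coverage sanity check; the sample text is the stats.log shown on this page, and the function and variable names are our own.

```python
"""Parse a Suricata stats.log dump and sanity-check protocol coverage.

Added example, not part of IDSDeathBlossom or Suricata. STATS_LOG is the
stats.log printed on this page; parse_stats() and coverage_report() are
our own names.
"""
import re
from typing import Dict, List

STATS_LOG = """\
------------------------------------------------------------------------------------
Date: 5/22/2019 -- 11:50:14 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 82
decoder.bytes                              | Total                     | 9833
decoder.ipv4                               | Total                     | 64
decoder.ethernet                           | Total                     | 82
decoder.udp                                | Total                     | 54
decoder.icmpv4                             | Total                     | 5
decoder.avg_pkt_size                       | Total                     | 119
decoder.max_pkt_size                       | Total                     | 342
flow.udp                                   | Total                     | 6
detect.mpm_list                            | Total                     | 11
detect.match_list                          | Total                     | 11
app_layer.flow.failed_udp                  | Total                     | 6
flow_mgr.new_pruned                        | Total                     | 4
flow.spare                                 | Total                     | 10000
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65534
flow_mgr.rows_empty                        | Total                     | 2
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074880
"""

# One data row: "<counter> | <thread module name> | <integer value>".
# Header, separator and Date lines do not match because their last column
# is not an integer.
ROW = re.compile(r"^(?P<counter>[\w.]+)\s*\|\s*(?P<tm>[^|]+?)\s*\|\s*(?P<value>\d+)\s*$")


def parse_stats(text: str) -> Dict[str, int]:
    """Return {counter_name: value} for the 'Total' rows of a stats.log dump."""
    counters: Dict[str, int] = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m and m.group("tm") == "Total":
            counters[m.group("counter")] = int(m.group("value"))
    return counters


def coverage_report(counters: Dict[str, int]) -> Dict[str, object]:
    """Break the decoded traffic down by protocol and flag coverage gaps.

    Zero-valued counters are absent from this kind of dump, so a missing
    counter is read as 0 rather than as unknown.
    """
    pkts = counters.get("decoder.pkts", 0)
    ipv4 = counters.get("decoder.ipv4", 0)
    tcp = counters.get("decoder.tcp", 0)
    udp = counters.get("decoder.udp", 0)
    icmp = counters.get("decoder.icmpv4", 0)
    udp_flows = counters.get("flow.udp", 0)
    udp_failed = counters.get("app_layer.flow.failed_udp", 0)

    findings: List[str] = []
    if tcp == 0:
        # SMB (TCP/445) never reached the detection engine, so no SMB or
        # EternalBlue signature could have fired on this capture.
        findings.append("no TCP packets decoded: SMB/EternalBlue signatures cannot match")
    if udp_flows and udp_failed == udp_flows:
        findings.append("every UDP flow failed app-layer detection: no DNS or other "
                        "UDP app-layer events were possible")

    return {
        "pkts": pkts,
        "non_ipv4": pkts - ipv4,           # ARP, IPv6 and anything else not counted as IPv4
        "tcp_pkts": tcp,
        "udp_pkts": udp,
        "icmp_pkts": icmp,
        "other_ipv4": ipv4 - tcp - udp - icmp,
        "udp_flows": udp_flows,
        "udp_flows_failed": udp_failed,
        "findings": findings,
    }


if __name__ == "__main__":
    report = coverage_report(parse_stats(STATS_LOG))
    for key, value in report.items():
        print(f"{key:18s} {value}")
```

Run it against any stats.log from a pcap replay before comparing rulesets or IDS versions: if the transport the attack uses is absent from the decoder counters, the absence of alerts says something about the capture, not about the ruleset.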


keyword_perf.log - (1528 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/22/2019 -- 11:50:14
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          84633           10              5               51888           8463.00         13917.00        3009.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          84633           10              5               51888           8463.00         13917.00        3009.00        


IDSDeathBlossom.py.log - (1173 bytes)
2019-05-22 11:50:05,060 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-22 11:50:05,796 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-22 11:50:05,796 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etopen-all
2019-05-22 11:50:05,797 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-22 11:50:05,797 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-22 11:50:05,797 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etopen/suricata400-etopen-all.yaml -l /var/www/html/76fc9162be1778bd0b388c9911eabbedd2a6d3ad9c956d904083161fa55f2f7a -r /var/pcap/05172019.1120-eternalblue-failed-patched-win7.pcap -vvv -k none
2019-05-22 11:50:14,120 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-22 11:50:14,121 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 9.0685710907