Filename: 1c7c6c27-0dee-4525-a97a-ce349a4261b3.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.1332728863 seconds
Hash: ab7e2d3058ea8b1ba6e5e06b6f67f534
Uploaded: 1556799091 (2019-05-02 12:11:31 UTC; the alerts below carry the capture's own timestamps from 2019-03-12)

Logfiles


suricata-4.0.0-etpro-all-alert-2019-05-02-T-12-11-54-05022019.1211-1c7c6c27-0dee-4525-a97a-ce349a4261b3.pcap.txt - (1410 bytes)
03/12/2019-07:42:59.875941  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.217:49233
03/12/2019-07:43:03.349158  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.217:49290
03/12/2019-07:43:04.764868  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.217:49311
03/12/2019-07:44:36.242767  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.217:50619
03/12/2019-07:44:38.305559  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.217:50652
03/12/2019-07:44:39.552064  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.217:50673


packet_stats.log - (15452 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           289          2687910       82424737      55507085         16.0b   90.24
 IPv4      17            46           653205       72134646      32911884          1.5b    8.52
 IPv6      17             9           488275       69019757      24586986        221.3m    1.24
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           289            69993       14498071        250291         72.3m   81.20
TMM_FLOWWORKER              IPv4      17            46           118255        3259041        285639         13.1m   14.75
TMM_RECEIVEPCAPFILE         IPv4       6           282             2545           4435          2971        838.0k    0.94
TMM_RECEIVEPCAPFILE         IPv4      17            46             2555           3772          2831        130.3k    0.15
TMM_DECODEPCAPFILE          IPv4       6           282             2658          11512          2912        821.2k    0.92
TMM_DECODEPCAPFILE          IPv4      17            46             2686           7723          2956        136.0k    0.15
TMM_FLOWWORKER              IPv6      17             9           108017         310132        177124          1.6m    1.79
TMM_RECEIVEPCAPFILE         IPv6      17             9             2581          10038          3659         32.9k    0.04
TMM_DECODEPCAPFILE          IPv6      17             9             2746          34128          6566         59.1k    0.07

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
flow                    IPv4       6           282             2721          26337          3350        944.8k  1.22  
flow                    IPv4      17            46             2680           6354          3310        152.3k  0.20  
stream                  IPv4       6           289             3100         293061         13988          4.0m  5.23  
app-layer               IPv4      17            46             2534          30553          5038        231.8k  0.30  
detect                  IPv4       6           289            46016       14448823        207974         60.1m  77.78 
detect                  IPv4      17            46           102216         462441        200656          9.2m  11.94 
tcp-prune               IPv4       6           289             2556         158848          3758          1.1m  1.41  
flow                    IPv6      17             9             2853          12768          4899         44.1k  0.06  
app-layer               IPv6      17             9             2566          23490          7640         68.8k  0.09  
detect                  IPv6      17             9            91427         279060        152454          1.4m  1.78  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot           %
--------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
http                    IPv4       6             2            12031          31073         21552         43.1k  35.29 
tls                     IPv4       6            12             2812           5986          3312         39.8k  32.55 
dns                     IPv4      17             4             5613          17013          9818         39.3k  32.16 
Proto detect            IPv4      17            10             2782           8428          4547         45.5k
Proto detect            IPv6      17             4             2998          16597          7782         31.1k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
LOGGER_ALERT_FAST           IPv4       6             6            19263          52229         31599        189.6k  3.98  
LOGGER_UNIFIED2             IPv4       6             6            41059         109314         60115        360.7k  7.58  
LOGGER_JSON_ALERT           IPv4       6             6            42397          73765         55654        333.9k  7.01  
LOGGER_JSON_DNS             IPv4      17             4            34363        2740879        746051          3.0m  62.68 
LOGGER_JSON_HTTP            IPv4       6             1           202123         202123        202123        202.1k  4.25  
LOGGER_JSON_TLS             IPv4       6             6            54011         126164         82272        493.6k  10.37 
LOGGER_JSON_FILE            IPv4       6             1           196798         196798        196798        196.8k  4.13  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            89             2621         128480         35144         3.1m  22.25 
payload                           IPv4      17            46             3294          70166         13091       602.2k  4.28  
stream                            IPv4       6            89             2551         418508         51704         4.6m  32.73 
http_uri                          IPv4       6             1            34999          34999         34999        35.0k  0.25  
http_request_line                 IPv4       6             1             7793           7793          7793         7.8k  0.06  
http_client_body                  IPv4       6             1             3680           3680          3680         3.7k  0.03  
http_header (request)             IPv4       6             1            84766          84766         84766        84.8k  0.60  
http_header (request trailer)     IPv4       6             1             2637           2637          2637         2.6k  0.02  
http_header_names (request)       IPv4       6             1            26221          26221         26221        26.2k  0.19  
http_accept (request)             IPv4       6             1             4124           4124          4124         4.1k  0.03  
http_referer (request)            IPv4       6             1             3409           3409          3409         3.4k  0.02  
http_content_len (request)        IPv4       6             1             3508           3508          3508         3.5k  0.02  
http_content_type (request)       IPv4       6             1             3459           3459          3459         3.5k  0.02  
http_protocol (request)           IPv4       6             1             5620           5620          5620         5.6k  0.04  
http_start (request)              IPv4       6             1            13925          13925         13925        13.9k  0.10  
http_raw_header (request)         IPv4       6             1            23789          23789         23789        23.8k  0.17  
http_method                       IPv4       6             1             7069           7069          7069         7.1k  0.05  
http_cookie (request)             IPv4       6             1             4189           4189          4189         4.2k  0.03  
http_raw_uri                      IPv4       6             1             7027           7027          7027         7.0k  0.05  
http_user_agent                   IPv4       6             1            15582          15582         15582        15.6k  0.11  
http_host                         IPv4       6             1            13122          13122         13122        13.1k  0.09  
dns_query                         IPv4      17             2            11554          13273         12413        24.8k  0.18  
tls_sni                           IPv4       6             6             6669           8786          7603        45.6k  0.32  
http_response_line                IPv4       6             1            10130          10130         10130        10.1k  0.07  
http_header (response)            IPv4       6             1            55933          55933         55933        55.9k  0.40  
http_header (response trailer)    IPv4       6             1             3472           3472          3472         3.5k  0.02  
http_content_type (response)      IPv4       6             1             8849           8849          8849         8.8k  0.06  
http_raw_header (response)        IPv4       6            47             4533          15647          5176       243.3k  1.73  
http_cookie (response)            IPv4       6             1             3275           3275          3275         3.3k  0.02  
http_stat_code                    IPv4       6             1             4043           4043          4043         4.0k  0.03  
tls_cert_issuer                   IPv4       6             6             2636           3481          2973        17.8k  0.13  
tls_cert_subject                  IPv4       6             6             5250           8808          6985        41.9k  0.30  
tls_cert_serial                   IPv4       6             6             4921           7487          6284        37.7k  0.27  
file_data (http response)         IPv4       6            46             2577        1604231        104879         4.8m  34.32 
Total                             IPv4                   367                                         37923        13.9m
payload                           IPv6      17             9             3383          57618         15573       140.2k  1.00  
Total                             IPv6                     9                                         15573       140.2k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
PROF_DETECT_IPONLY          IPv4       6            14             9381          88519         44026        616.4k  0.73  
PROF_DETECT_IPONLY          IPv4      17            10            37398          64352         46300        463.0k  0.55  
PROF_DETECT_RULES           IPv4       6           289             2542       13815432         89935         26.0m  30.99 
PROF_DETECT_RULES           IPv4      17            46            44651         268730        112577          5.2m  6.17  
PROF_DETECT_STATEFUL_START    IPv4       6            39             5116        1630171        103217          4.0m  4.80  
PROF_DETECT_STATEFUL_CONT    IPv4       6           289             2536          43894          7853          2.3m  2.71  
PROF_DETECT_STATEFUL_CONT    IPv4      17            46             2519          42989          3875        178.3k  0.21  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           261             2555          26534          2897        756.3k  0.90  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2746           3426          3061         12.2k  0.01  
PROF_DETECT_PREFILTER       IPv4       6           289             7985        1767901         67066         19.4m  23.11 
PROF_DETECT_PREFILTER       IPv4      17            46            23912          94544         37190          1.7m  2.04  
PROF_DETECT_PF_PAYLOAD      IPv4       6            89            20241         451701         95167          8.5m  10.10 
PROF_DETECT_PF_PAYLOAD      IPv4      17            46             8412          75270         18315        842.5k  1.00  
PROF_DETECT_PF_TX           IPv4       6           261             2575        1617900         26055          6.8m  8.11  
PROF_DETECT_PF_TX           IPv4      17             2            17446          19448         18447         36.9k  0.04  
PROF_DETECT_PF_SORT1        IPv4       6            66             2564          26820          3843        253.7k  0.30  
PROF_DETECT_PF_SORT1        IPv4      17            46             2643           4935          3490        160.6k  0.19  
PROF_DETECT_PF_SORT2        IPv4       6           289             2529          30614          3048        880.9k  1.05  
PROF_DETECT_PF_SORT2        IPv4      17            46             2558           4317          2860        131.6k  0.16  
PROF_DETECT_NONMPMLIST      IPv4       6           289             2568          21638          2963        856.3k  1.02  
PROF_DETECT_NONMPMLIST      IPv4      17            46             2538          17372          3188        146.7k  0.17  
PROF_DETECT_ALERT           IPv4       6           289             2529          37888          3055        883.2k  1.05  
PROF_DETECT_ALERT           IPv4      17            46             2535           3883          2671        122.9k  0.15  
PROF_DETECT_CLEANUP         IPv4       6           289             2568          37199          3138        907.1k  1.08  
PROF_DETECT_CLEANUP         IPv4      17            46             2528          16297          3317        152.6k  0.18  
PROF_DETECT_GETSGH          IPv4       6           289             2531          33291          3734          1.1m  1.29  
PROF_DETECT_GETSGH          IPv4      17            46             2529          16422          3743        172.2k  0.21  
PROF_DETECT_IPONLY          IPv6      17             4             3386          11460          8335         33.3k  0.04  
PROF_DETECT_RULES           IPv6      17             9            33804         120371         61336        552.0k  0.66  
PROF_DETECT_STATEFUL_CONT    IPv6      17             9             2529           2919          2721         24.5k  0.03  
PROF_DETECT_PREFILTER       IPv6      17             9            24000          81544         42566        383.1k  0.46  
PROF_DETECT_PF_PAYLOAD      IPv6      17             9             8480          62974         20861        187.8k  0.22  
PROF_DETECT_PF_SORT1        IPv6      17             9             2645           4218          3235         29.1k  0.03  
PROF_DETECT_PF_SORT2        IPv6      17             9             2562           3983          2946         26.5k  0.03  
PROF_DETECT_NONMPMLIST      IPv6      17             9             2538           4017          2901         26.1k  0.03  
PROF_DETECT_ALERT           IPv6      17             9             2534           4763          2930         26.4k  0.03  
PROF_DETECT_CLEANUP         IPv6      17             9             2536           5384          3175         28.6k  0.03  
PROF_DETECT_GETSGH          IPv6      17             9             2542          24492          8398         75.6k  0.09  


unified2.alert.1556799112 - (6078 bytes)
[binary unified2 record stream; not renderable as text. It holds the six alert records for sid 1:2828823 listed above, each followed by the captured packet in which 185.216.35.182:8443 sent its TLS Certificate message to 192.168.100.217 (client ports 49233, 49290, 49311, 50619, 50652 and 50673). The same DER certificate appears in every record; what is recoverable from the dump: subject and issuer both C=US, notBefore 190201105905Z and notAfter 200201105905Z (2019-02-01 10:59:05 UTC to 2020-02-01 10:59:05 UTC, a 365-day lifetime), a 2048-bit RSA public key, and identical Subject Key Identifier and Authority Key Identifier values, i.e. a self-signed certificate.]


stats.log - (3286 bytes)
------------------------------------------------------------------------------------
Date: 5/2/2019 -- 12:11:54 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 407
decoder.bytes                              | Total                     | 185333
decoder.ipv4                               | Total                     | 328
decoder.ipv6                               | Total                     | 9
decoder.ethernet                           | Total                     | 407
decoder.tcp                                | Total                     | 282
decoder.udp                                | Total                     | 55
decoder.avg_pkt_size                       | Total                     | 455
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 7
flow.udp                                   | Total                     | 12
tcp.sessions                               | Total                     | 7
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 7
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 6
detect.mpm_list                            | Total                     | 3
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 6
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 10
flow_mgr.new_pruned                        | Total                     | 9
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 17
flow_mgr.flows_notimeout                   | Total                     | 8
flow_mgr.flows_timeout                     | Total                     | 9
flow_mgr.flows_removed                     | Total                     | 9
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65519
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7079776


eve.json - (8776 bytes)
{"timestamp":"2019-03-12T07:42:59.648057+0000","flow_id":1712984942699385,"pcap_cnt":39,"event_type":"dns","src_ip":"192.168.100.217","src_port":52618,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":33039,"rrname":"functiondiscovery.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-12T07:42:59.684001+0000","flow_id":1712984942699385,"pcap_cnt":40,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.217","dest_port":52618,"proto":"UDP","dns":{"type":"answer","id":33039,"rcode":"NOERROR","rrname":"functiondiscovery.net","rrtype":"A","ttl":899,"rdata":"185.216.35.182"}}
{"timestamp":"2019-03-12T07:42:59.825139+0000","flow_id":1630611764920771,"pcap_cnt":47,"event_type":"tls","src_ip":"192.168.100.217","src_port":49233,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T07:42:59.875941+0000","flow_id":1630611764920771,"pcap_cnt":48,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.217","dest_port":49233,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T07:42:59.994751+0000","flow_id":1404863988837823,"pcap_cnt":49,"event_type":"dns","src_ip":"192.168.100.217","src_port":50348,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":57257,"rrname":"www.download.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-12T07:43:00.003569+0000","flow_id":1404863988837823,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.217","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"www.download.windowsupdate.com","rrtype":"CNAME","ttl":3410,"rdata":"2-01-3cf7-0009.cdx.cedexis.net"}}
{"timestamp":"2019-03-12T07:43:00.003569+0000","flow_id":1404863988837823,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.217","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"2-01-3cf7-0009.cdx.cedexis.net","rrtype":"CNAME","ttl":94,"rdata":"wu.azureedge.net"}}
{"timestamp":"2019-03-12T07:43:00.003569+0000","flow_id":1404863988837823,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.217","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"wu.azureedge.net","rrtype":"CNAME","ttl":148,"rdata":"wu.ec.azureedge.net"}}
{"timestamp":"2019-03-12T07:43:00.003569+0000","flow_id":1404863988837823,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.217","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"wu.ec.azureedge.net","rrtype":"CNAME","ttl":154,"rdata":"wu.wpc.apr-52dd2.edgecastdns.net"}}
{"timestamp":"2019-03-12T07:43:00.003569+0000","flow_id":1404863988837823,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.217","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"wu.wpc.apr-52dd2.edgecastdns.net","rrtype":"CNAME","ttl":154,"rdata":"hlb.apr-52dd2-0.edgecastdns.net"}}
{"timestamp":"2019-03-12T07:43:00.003569+0000","flow_id":1404863988837823,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.217","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"hlb.apr-52dd2-0.edgecastdns.net","rrtype":"CNAME","ttl":154,"rdata":"cs11.wpc.v0cdn.net"}}
{"timestamp":"2019-03-12T07:43:00.003569+0000","flow_id":1404863988837823,"pcap_cnt":50,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.217","dest_port":50348,"proto":"UDP","dns":{"type":"answer","id":57257,"rcode":"NOERROR","rrname":"cs11.wpc.v0cdn.net","rrtype":"A","ttl":3454,"rdata":"93.184.221.240"}}
{"timestamp":"2019-03-12T07:43:00.343561+0000","flow_id":24835162117163,"pcap_cnt":134,"event_type":"http","src_ip":"192.168.100.217","src_port":49238,"dest_ip":"93.184.221.240","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2019-03-12T07:43:03.303507+0000","flow_id":37090851503488,"pcap_cnt":156,"event_type":"tls","src_ip":"192.168.100.217","src_port":49290,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T07:43:03.349158+0000","flow_id":37090851503488,"pcap_cnt":157,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.217","dest_port":49290,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T07:43:04.710101+0000","flow_id":1275830286697459,"pcap_cnt":174,"event_type":"tls","src_ip":"192.168.100.217","src_port":49311,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T07:43:04.764868+0000","flow_id":1275830286697459,"pcap_cnt":175,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.217","dest_port":49311,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T07:44:36.196944+0000","flow_id":1023954083164843,"pcap_cnt":306,"event_type":"tls","src_ip":"192.168.100.217","src_port":50619,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T07:44:36.242767+0000","flow_id":1023954083164843,"pcap_cnt":307,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.217","dest_port":50619,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T07:44:38.250894+0000","flow_id":1328493034356536,"pcap_cnt":323,"event_type":"tls","src_ip":"192.168.100.217","src_port":50652,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T07:44:38.305559+0000","flow_id":1328493034356536,"pcap_cnt":324,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.217","dest_port":50652,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T07:44:39.507064+0000","flow_id":1993384036626461,"pcap_cnt":341,"event_type":"tls","src_ip":"192.168.100.217","src_port":50673,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T07:44:39.552064+0000","flow_id":1993384036626461,"pcap_cnt":342,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.217","dest_port":50673,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T07:44:52.459963+0000","flow_id":24835162117163,"event_type":"fileinfo","src_ip":"93.184.221.240","src_port":80,"dest_ip":"192.168.100.217","dest_port":49238,"proto":"TCP","http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":56560},"app_proto":"http","fileinfo":{"filename":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","gaps":false,"state":"CLOSED","stored":false,"size":56560,"tx_id":0}}


suricata-report-2019-05-02-T-12-11-54-05022019.1211-1c7c6c27-0dee-4525-a97a-ce349a4261b3.pcap.txt - (17494 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/ab7e2d3058ea8b1ba6e5e06b6f67f53456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05022019.1211-1c7c6c27-0dee-4525-a97a-ce349a4261b3.pcap -vvv -k none
elapsedtime:22.211323
stderr:
stdout:
2/5/2019 -- 12:11:32 - <Info> - Configuration node 'rule-files' redefined.
2/5/2019 -- 12:11:32 - <Notice> - This is Suricata version 4.0.0 RELEASE
2/5/2019 -- 12:11:32 - <Info> - CPUs/cores online: 1
2/5/2019 -- 12:11:32 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33913 and 'request-body-inspect-window' set to 16992 after randomization.
2/5/2019 -- 12:11:32 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33834 and 'response-body-inspect-window' set to 17004 after randomization.
2/5/2019 -- 12:11:32 - <Config> - DNS request flood protection level: 500
2/5/2019 -- 12:11:32 - <Config> - DNS per flow memcap (state-memcap): 524288
2/5/2019 -- 12:11:32 - <Config> - DNS global memcap: 16777216
2/5/2019 -- 12:11:32 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
2/5/2019 -- 12:11:32 - <Config> - preallocated 1000 hosts of size 136
2/5/2019 -- 12:11:32 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
2/5/2019 -- 12:11:32 - <Config> - using magic-file /usr/share/file/magic
2/5/2019 -- 12:11:32 - <Config> - Core dump size is unlimited.
2/5/2019 -- 12:11:32 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
2/5/2019 -- 12:11:32 - <Config> - preallocated 1000 defrag trackers of size 168
2/5/2019 -- 12:11:32 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
2/5/2019 -- 12:11:32 - <Config> - stream "prealloc-sessions": 2048 (per thread)
2/5/2019 -- 12:11:32 - <Config> - stream "memcap": 33554432
2/5/2019 -- 12:11:32 - <Config> - stream "midstream" session pickups: disabled
2/5/2019 -- 12:11:32 - <Config> - stream "async-oneside": disabled
2/5/2019 -- 12:11:32 - <Config> - stream "checksum-validation": disabled
2/5/2019 -- 12:11:32 - <Config> - stream."inline": disabled
2/5/2019 -- 12:11:32 - <Config> - stream "bypass": disabled
2/5/2019 -- 12:11:32 - <Config> - stream "max-synack-queued": 5
2/5/2019 -- 12:11:32 - <Config> - stream.reassembly "memcap": 134217728
2/5/2019 -- 12:11:32 - <Config> - stream.reassembly "depth": 0
2/5/2019 -- 12:11:32 - <Config> - stream.reassembly "toserver-chunk-size": 2642
2/5/2019 -- 12:11:32 - <Config> - stream.reassembly "toclient-chunk-size": 2663
2/5/2019 -- 12:11:32 - <Config> - stream.reassembly.raw: enabled
2/5/2019 -- 12:11:32 - <Config> - stream.reassembly "segment-prealloc": 2048
2/5/2019 -- 12:11:32 - <Config> - Delayed detect disabled
2/5/2019 -- 12:11:32 - <Config> - pattern matchers: MPM: ac, SPM: bm
2/5/2019 -- 12:11:32 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
2/5/2019 -- 12:11:32 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
2/5/2019 -- 12:11:32 - <Config> - prefilter engines: MPM
2/5/2019 -- 12:11:32 - <Config> - IP reputation disabled
2/5/2019 -- 12:11:32 - <Perf> - Registered 148 keyword profiling counters.
2/5/2019 -- 12:11:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
2/5/2019 -- 12:11:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
2/5/2019 -- 12:11:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
2/5/2019 -- 12:11:37 - <Config> - No rules loaded from ET-icmp.rules.
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
2/5/2019 -- 12:11:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
2/5/2019 -- 12:11:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
2/5/2019 -- 12:11:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
2/5/2019 -- 12:11:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
2/5/2019 -- 12:11:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
2/5/2019 -- 12:11:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
2/5/2019 -- 12:11:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
2/5/2019 -- 12:11:42 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
2/5/2019 -- 12:11:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
2/5/2019 -- 12:11:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
2/5/2019 -- 12:11:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
2/5/2019 -- 12:11:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
2/5/2019 -- 12:11:43 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
2/5/2019 -- 12:11:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
2/5/2019 -- 12:11:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
2/5/2019 -- 12:11:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
2/5/2019 -- 12:11:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
2/5/2019 -- 12:11:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
2/5/2019 -- 12:11:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
2/5/2019 -- 12:11:44 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
2/5/2019 -- 12:11:44 - <Config> - No rules loaded from local.rules.
2/5/2019 -- 12:11:44 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
2/5/2019 -- 12:11:44 - <Info> - Threshold config parsed: 0 rule(s) found
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for tcp-packet
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for tcp-stream
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for udp-packet
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for other-ip
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_uri
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_request_line
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_client_body
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_response_line
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_header
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_header
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_header_names
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_header_names
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_accept
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_accept_enc
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_accept_lang
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_referer
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_connection
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_content_len
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_content_len
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_content_type
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_content_type
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_protocol
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_protocol
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_start
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_start
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_raw_header
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_raw_header
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_method
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_cookie
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_cookie
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_raw_uri
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_user_agent
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_host
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_raw_host
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_stat_msg
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_stat_code
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for dns_query
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for tls_sni
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for tls_cert_issuer
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for tls_cert_subject
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for tls_cert_serial
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for dce_stub_data
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for dce_stub_data
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for ssh_protocol
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for ssh_protocol
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for ssh_software
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for ssh_software
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for file_data
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for file_data
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_request_line
2/5/2019 -- 12:11:45 - <Perf> - using shared mpm ctx' for http_response_line
2/5/2019 -- 12:11:45 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
2/5/2019 -- 12:11:45 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
2/5/2019 -- 12:11:45 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
2/5/2019 -- 12:11:45 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
2/5/2019 -- 12:11:45 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
2/5/2019 -- 12:11:45 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
2/5/2019 -- 12:11:45 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
2/5/2019 -- 12:11:45 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
2/5/2019 -- 12:11:50 - <Perf> - Unique rule groups: 104
2/5/2019 -- 12:11:50 - <Perf> - Builtin MPM "toserver TCP packet": 35
2/5/2019 -- 12:11:50 - <Perf> - Builtin MPM "toclient TCP packet": 17
2/5/2019 -- 12:11:50 - <Perf> - Builtin MPM "toserver TCP stream": 33
2/5/2019 -- 12:11:50 - <Perf> - Builtin MPM "toclient TCP stream": 19
2/5/2019 -- 12:11:50 - <Perf> - Builtin MPM "toserver UDP packet": 27
2/5/2019 -- 12:11:50 - <Perf> - Builtin MPM "toclient UDP packet": 17
2/5/2019 -- 12:11:50 - <Perf> - Builtin MPM "other IP packet": 3
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_uri": 14
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_request_line": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_client_body": 6
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient http_response_line": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_header": 10
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient http_header": 6
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_header_names": 2
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_accept": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_referer": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_content_len": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_content_type": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient http_content_type": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_protocol": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_start": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_method": 5
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_cookie": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient http_cookie": 2
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver http_host": 2
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver dns_query": 4
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver tls_sni": 2
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toserver file_data": 1
2/5/2019 -- 12:11:50 - <Perf> - AppLayer MPM "toclient file_data": 7
2/5/2019 -- 12:11:52 - <Perf> - Registered 39590 rule profiling counters.
2/5/2019 -- 12:11:52 - <Info> - fast output device (regular) initialized: alert
2/5/2019 -- 12:11:52 - <Info> - eve-log output device (regular) initialized: eve.json
2/5/2019 -- 12:11:52 - <Config> - enabling 'eve-log' module 'alert'
2/5/2019 -- 12:11:52 - <Config> - enabling 'eve-log' module 'http'
2/5/2019 -- 12:11:52 - <Config> - enabling 'eve-log' module 'dns'
2/5/2019 -- 12:11:52 - <Config> - enabling 'eve-log' module 'tls'
2/5/2019 -- 12:11:52 - <Config> - enabling 'eve-log' module 'files'
2/5/2019 -- 12:11:52 - <Config> - enabling 'eve-log' module 'ssh'
2/5/2019 -- 12:11:52 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
2/5/2019 -- 12:11:52 - <Info> - stats output device (regular) initialized: stats.log
2/5/2019 -- 12:11:52 - <Config> - AutoFP mode using "Hash" flow load balancer
2/5/2019 -- 12:11:52 - <Info> - reading pcap file /var/pcap/05022019.1211-1c7c6c27-0dee-4525-a97a-ce349a4261b3.pcap
2/5/2019 -- 12:11:52 - <Config> - using 1 flow manager threads
2/5/2019 -- 12:11:52 - <Config> - using 1 flow recycler threads
2/5/2019 -- 12:11:52 - <Notice> - all 2 packet processing threads, 4 management threads initialized, engin

This file has been truncated.


keyword_perf.log - (10447 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/2/2019 -- 12:11:54
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             468829          147             147             17242           3189.00         3189.00         0.00           
  content          3326356         321             172             241899          10362.00        13676.00        6536.00        
  pcre             255414          54              38              24258           4729.00         4438.00         5422.00        
  byte_test        238899          80              62              5430            2986.00         3035.00         2816.00        
  byte_jump        93310           24              15              23095           3887.00         2896.00         5539.00        
  isdataat         6438            2               0               3623            3219.00         0.00            3219.00        
  flowbits         104133          36              1               6524            2892.00         6524.00         2788.00        
  urilen           9213            3               1               3109            3071.00         3101.00         3056.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             468829          147             147             17242           3189.00         3189.00         0.00           
  flowbits         97609           35              0               4892            2788.00         0.00            2788.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1171338         227             131             41805           5160.00         5441.00         4776.00        
  pcre             187262          39              37              24258           4801.00         4390.00         12404.00       
  byte_test        238899          80              62              5430            2986.00         3035.00         2816.00        
  byte_jump        89729           23              14              23095           3901.00         2847.00         5539.00        
  isdataat         6438            2               0               3623            3219.00         0.00            3219.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         6524            1               1               6524            6524.00         6524.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14578           4               1               4041            3644.00         4041.00         3512.00        
  urilen           9213            3               1               3109            3071.00         3101.00         3056.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3119            1               0               3119            3119.00         0.00            3119.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2016100         58              20              241899          34760.00        77924.00        12042.00       
  pcre             55832           13              0               8954            4294.00         0.00            4294.00        
  byte_jump        3581            1               1               3581            3581.00         3581.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          57720           13              7               5636            4440.00         4646.00         4199.00        
  pcre             12320           2               1               6205            6160.00         6205.00         6115.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          15721           4               0               4364            3930.00         0.00            3930.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3242            1               0               3242            3242.00         0.00            3242.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3225            1               1               3225            3225.00         3225.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          41313           12              12              4189            3442.00         3442.00         0.00           


IDSDeathBlossom.py.log - (1176 bytes) - download
2019-05-02 12:11:31,331 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-02 12:11:32,046 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-02 12:11:32,046 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-02 12:11:32,047 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-02 12:11:32,047 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-02 12:11:32,047 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/ab7e2d3058ea8b1ba6e5e06b6f67f53456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05022019.1211-1c7c6c27-0dee-4525-a97a-ce349a4261b3.pcap -vvv -k none
2019-05-02 12:11:54,260 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-02 12:11:54,260 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.9362390041


suricata-4.0.0-etpro-all-perf.txt-2019-05-02-T-12-11-54-05022019.1211-1c7c6c27-0dee-4525-a97a-ce349a4261b3.pcap.txt - (24021 bytes)
  --------------------------------------------------------------------------
  Date: 5/2/2019 -- 12:11:54. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2811447      1        2        13134868     50.17  2        0        13131659    6567434.00  0.00        6567434.00 
  2        2020865      1        3        1024447      3.91   6        0        359404      170741.17   0.00        170741.17  
  3        2820157      1        2        350364       1.34   1        0        350364      350364.00   0.00        350364.00  
  4        2820158      1        2        342547       1.31   1        0        342547      342547.00   0.00        342547.00  
  5        2819664      1        2        766638       2.93   4        0        298290      191659.50   0.00        191659.50  
  6        2819930      1        2        755615       2.89   4        0        282245      188903.75   0.00        188903.75  
  7        2007880      1        7        219403       0.84   1        0        219403      219403.00   0.00        219403.00  
  8        2022627      1        12       427299       1.63   6        0        105221      71216.50    0.00        71216.50   
  9        2022535      1        11       478672       1.83   6        0        102777      79778.67    0.00        79778.67   
  10       2023476      1        5        509291       1.95   6        0        92807       84881.83    0.00        84881.83   
  11       2805348      1        4        635203       2.43   14       0        67906       45371.64    0.00        45371.64   
  12       2803657      1        5        153517       0.59   3        0        55237       51172.33    0.00        51172.33   
  13       2827279      1        5        54182        0.21   1        0        54182       54182.00    0.00        54182.00   
  14       2804927      1        2        52504        0.20   1        0        52504       52504.00    0.00        52504.00   
  15       2023818      1        2        48074        0.18   1        1        48074       48074.00    48074.00    0.00       
  16       2801929      1        7        46848        0.18   1        0        46848       46848.00    0.00        46848.00   
  17       2801930      1        7        45047        0.17   1        0        45047       45047.00    0.00        45047.00   
  18       2017552      1        6        356845       1.36   24       0        42067       14868.54    0.00        14868.54   
  19       2821014      1        13       41940        0.16   1        0        41940       41940.00    0.00        41940.00   
  20       2024771      1        1        268613       1.03   47       0        38765       5715.17     0.00        5715.17    
  21       2816356      1        2        38637        0.15   1        0        38637       38637.00    0.00        38637.00   
  22       2802987      1        5        36830        0.14   1        0        36830       36830.00    0.00        36830.00   
  23       2814679      1        4        35153        0.13   1        0        35153       35153.00    0.00        35153.00   
  24       2828823      1        2        196706       0.75   6        6        34743       32784.33    32784.33    0.00       
  25       2830036      1        1        34615        0.13   1        0        34615       34615.00    0.00        34615.00   
  26       2806659      1        4        34536        0.13   1        0        34536       34536.00    0.00        34536.00   
  27       2008117      1        3        85934        0.33   20       0        34122       4296.70     0.00        4296.70    
  28       2821615      1        2        32815        0.13   1        0        32815       32815.00    0.00        32815.00   
  29       2815664      1        3        32329        0.12   1        0        32329       32329.00    0.00        32329.00   
  30       2010140      1        7        219630       0.84   49       0        28596       4482.24     0.00        4482.24    
  31       2020698      1        2        27243        0.10   1        0        27243       27243.00    0.00        27243.00   
  32       2807878      1        2        27208        0.10   1        0        27208       27208.00    0.00        27208.00   
  33       2018375      1        3        36344        0.14   2        0        26501       18172.00    0.00        18172.00   
  34       2022842      1        5        25755        0.10   1        0        25755       25755.00    0.00        25755.00   
  35       2020789      1        2        24320        0.09   1        0        24320       24320.00    0.00        24320.00   
  36       2022552      1        2        85795        0.33   4        0        24223       21448.75    0.00        21448.75   
  37       2809850      1        2        24204        0.09   1        0        24204       24204.00    0.00        24204.00   
  38       2012612      1        16       23046        0.09   1        0        23046       23046.00    0.00        23046.00   
  39       2810481      1        4        118014       0.45   6        0        22613       19669.00    0.00        19669.00   
  40       2014701      1        12       47943        0.18   4        0        22318       11985.75    0.00        11985.75   
  41       2826256      1        2        22237        0.08   1        0        22237       22237.00    0.00        22237.00   
  42       2806802      1        2        159036       0.61   8        0        22145       19879.50    0.00        19879.50   
  43       2816165      1        5        22040        0.08   1        0        22040       22040.00    0.00        22040.00   
  44       2809132      1        1        39514        0.15   6        0        21946       6585.67     0.00        6585.67    
  45       2022502      1        4        21926        0.08   1        0        21926       21926.00    0.00        21926.00   
  46       2828008      1        2        21831        0.08   1        0        21831       21831.00    0.00        21831.00   
  47       2829625      1        2        21475        0.08   1        0        21475       21475.00    0.00        21475.00   
  48       2012707      1        5        21320        0.08   1        0        21320       21320.00    0.00        21320.00   
  49       2014519      1        7        39807        0.15   2        0        21292       19903.50    0.00        19903.50   
  50       2024909      1        2        58152        0.22   3        0        21206       19384.00    0.00        19384.00   
  51       2018667      1        3        21099        0.08   1        0        21099       21099.00    0.00        21099.00   
  52       2020785      1        3        21036        0.08   1        0        21036       21036.00    0.00        21036.00   
  53       2020797      1        2        20887        0.08   1        0        20887       20887.00    0.00        20887.00   
  54       2009702      1        5        46404        0.18   4        0        20533       11601.00    0.00        11601.00   
  55       2016537      1        2        321635       1.23   23       0        20222       13984.13    0.00        13984.13   
  56       2803760      1        3        34841        0.13   2        0        19518       17420.50    0.00        17420.50   
  57       2826281      1        2        35186        0.13   2        0        19235       17593.00    0.00        17593.00   
  58       2022543      1        1        33755        0.13   2        0        18854       16877.50    0.00        16877.50   
  59       2017938      1        6        35177        0.13   2        0        18773       17588.50    0.00        17588.50   
  60       2016143      1        3        116892       0.45   8        0        18445       14611.50    0.00        14611.50   
  61       2828876      1        1        94414        0.36   27       0        18047       3496.81     0.00        3496.81    
  62       2024778      1        1        27555        0.11   4        0        18021       6888.75     0.00        6888.75    
  63       2023622      1        3        148870       0.57   50       0        17253       2977.40     0.00        2977.40    
  64       2009243      1        2        45443        0.17   11       0        17108       4131.18     0.00        4131.18    
  65       2815451      1        2        150564       0.58   12       0        16809       12547.00    0.00        12547.00   
  66       2019010      1        3        52632        0.20   14       0        16690       3759.43     0.00        3759.43    
  67       2023623      1        3        99342        0.38   33       0        16628       3010.36     0.00        3010.36    
  68       2819694      1        2        30063        0.11   2        0        16357       15031.50    0.00        15031.50   
  69       2024650      1        1        83862        0.32   6        0        15932       13977.00    0.00        13977.00   
  70       2807531      1        3        25313        0.10   2        0        15715       12656.50    0.00        12656.50   
  71       2811542      1        1        32914        0.13   3        0        15313       10971.33    0.00        10971.33   
  72       2016948      1        2        81964        0.31   6        0        15087       13660.67    0.00        13660.67   
  73       2014702      1        9        34287        0.13   4        0        15006       8571.75     0.00        8571.75    
  74       2014703      1        9        35479        0.14   4        0        14988       8869.75     0.00        8869.75    
  75       2019345      1        2        14814        0.06   1        0        14814       14814.00    0.00        14814.00   
  76       2017748      1        6        80506        0.31   6        0        14792       13417.67    0.00        13417.67   
  77       2811544      1        1        18454        0.07   2        0        14729       9227.00     0.00        9227.00    
  78       2811577      1        2        17572        0.07   2        0        14584       8786.00     0.00        8786.00    
  79       2019230      1        2        17503        0.07   2        0        14429       8751.50     0.00        8751.50    
  80       2014473      1        5        79544        0.30   6        0        14321       13257.33    0.00        13257.33   
  81       2103158      1        6        59257        0.23   19       0        4927        3118.79     0.00        3118.79    
  82       2823788      1        4        7768         0.03   2        0        4703        3884.00     0.00        3884.00    
  83       2024777      1        2        57799        0.22   18       0        4410        3211.06     0.00        3211.06    
  84       2811034      1        1        20347        0.08   6        0        4393        3391.17     0.00        3391.17    
  85       2823966      1        1        38930        0.15   12       0        4345        3244.17     0.00        3244.17    
  86       2006447      1        13       4341         0.02   1        0        4341        4341.00     0.00        4341.00    
  87       2013739      1        15       127834       0.49   47       0        4336        2719.87     0.00        2719.87    
  88       2100327      1        10       17422        0.07   5        0        4323        3484.40     0.00        3484.40    
  89       2001330      1        8        187627       0.72   68       0        4318        2759.22     0.00        2759.22    
  90       2018382      1        8        7538         0.03   2        0        4236        3769.00     0.00        3769.00    
  91       2009387      1        4        39206        0.15   12       0        4234        3267.17     0.00        3267.17    
  92       2809256      1        3        39866        0.15   12       0        4231        3322.17     0.00        3322.17    
  93       2018281      1        4        21517        0.08   6        0        4214        3586.17     0.00        3586.17    
  94       2016323      1        1        13913        0.05   4        0        4213        3478.25     0.00        3478.25    
  95       2022547      1        1        61282        0.23   20       0        4189        3064.10     0.00        3064.10    
  96       2822213      1        2        20890        0.08   6        0        4168        3481.67     0.00        3481.67    
  97       2102523      1        8        39053        0.15   13       0        4148        3004.08     0.00        3004.08    
  98       2008120      1        4        137769       0.53   51       0        4111        2701.35     0.00        2701.35    
  99       2100518      1        8        47097        0.18   17       0        4100        2770.41     0.00        2770.41    
  100      2017935      1        3        24998        0.10   7        0        4021        3571.14     0.00        3571.14    
  101      2019017      1        3        38541        0.15   14       0        4021        2752.93     0.00        2752.93    
  102      2022132      1        1        7641         0.03   2        0        4019        3820.50     0.00        3820.50    
  103      2807546      1        6        21741        0.08   6        0        4010        3623.50     0.00        3623.50    
  104      2002993      1        7        19194        0.07   6        0        3933        3199.00     0.00        3199.00    
  105      2824995      1        1        39497        0.15   13       0        3921        3038.23     0.00        3038.23    
  106      2010143      1        3        134264       0.51   49       0        3892        2740.08     0.00        2740.08    
  107      2008297      1        5        3859         0.01   1        0        3859        3859.00     0.00        3859.00    
  108      2828877      1        1        9609         0.04   3        0        3802        3203.00     0.00        3203.00    
  109      2013506      1        1        20885        0.08   6        0        3802        3480.83     0.00        3480.83    
  110      2102190      1        5        53395        0.20   18       0        3761        2966.39     0.00        2966.39    
  111      2806561      1        5        20855        0.08   6        0        3739        3475.83     0.00        3475.83    
  112      2002992      1        7        18909        0.07   6        0        3739        3151.50     0.00        3151.50    
  113      2021976      1        2        19287        0.07   6        0        3719        3214.50     0.00        3214.50    
  114      2023624      1        3        113487       0.43   43       0        3696        2639.23     0.00        2639.23    
  115      2008306      1        3        35646        0.14   12       0        3682        2970.50     0.00        2970.50    
  116      2023627      1        3        104134       0.40   38       0        3656        2740.37     0.00        2740.37    
  117      2025200      1        1        12283        0.05   4        0        3649        3070.75     0.00        3070.75    
  118      2100540      1        12       6537         0.02   2        0        3647        3268.50     0.00        3268.50    
  119      2101936      1        9        3643         0.01   1        0        3643        3643.00     0.00        3643.00    
  120      2002995      1        10       19031        0.07   6        0        3640        3171.83     0.00        3171.83    
  121      2103238      1        4        19404        0.07   6        0        3601        3234.00     0.00        3234.00    
  122      2017548      1        6        7148         0.03   2        0        3601        3574.00     0.00        3574.00    
  123      2100566      1        5        11882        0.05   4        0        3564        2970.50     0.00        2970.50    
  124      2003068      1        7        19779        0.08   6        0        3562        3296.50     0.00        3296.50    
  125      2016363      1        2        12

This file has been truncated.