Filename: 6e534b43-3c93-462c-8ee6-174cd031745f.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.3666908741 seconds
Hash: b1c703dd8193ec45ba9f990ee65fc498
Uploaded: 1552398471

Logfiles


packet_stats.log - (15452 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6           203          3277788       74230057      54701596         11.1b   95.14
 IPv4      17            55          1683716       71359377       9658001        531.2m    4.55
 IPv6      17             7          2099190        7171469       5098771         35.7m    0.31
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6           203            67708       13262113        291490         59.2m   60.36
TMM_FLOWWORKER              IPv4      17            55           118168        2386977        307992         16.9m   17.28
TMM_RECEIVEPCAPFILE         IPv4       6           198             2558           3774          2992        592.5k    0.60
TMM_RECEIVEPCAPFILE         IPv4      17            55             2554       19260806        353793         19.5m   19.85
TMM_DECODEPCAPFILE          IPv4       6           198             2660          11549          2854        565.3k    0.58
TMM_DECODEPCAPFILE          IPv4      17            55             2689          31634          3433        188.9k    0.19
TMM_FLOWWORKER              IPv6      17             7           108182         286406        151700          1.1m    1.08
TMM_RECEIVEPCAPFILE         IPv6      17             7             2580           2857          2758         19.3k    0.02
TMM_DECODEPCAPFILE          IPv6      17             7             2798          17865          5302         37.1k    0.04

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6           198             2858          30902          3412        675.7k  0.95  
flow                    IPv4      17            55             2658          32002          4398        241.9k  0.34  
stream                  IPv4       6           203             3050        1409796         23524          4.8m  6.74  
app-layer               IPv4      17            55             2531         116355          7794        428.7k  0.61  
detect                  IPv4       6           203            45406       13217040        239403         48.6m  68.60 
detect                  IPv4      17            55           102271        2368470        263501         14.5m  20.46 
tcp-prune               IPv4       6           203             2558          20686          3161        641.8k  0.91  
flow                    IPv6      17             7             2842          15347          7448         52.1k  0.07  
app-layer               IPv6      17             7             2615          12810          6673         46.7k  0.07  
detect                  IPv6      17             7            92295         257671        126756        887.3k  1.25  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             2            11037          21033         16035         32.1k  26.87 
tls                     IPv4       6             8             2730           5804          3471         27.8k  23.27 
dns                     IPv4      17             4             7429          20995         14875         59.5k  49.86 
Proto detect            IPv4      17            10             2744          28758          9691         96.9k
Proto detect            IPv6      17             4             2822           6981          4088         16.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             4            17255          57187         28422        113.7k  4.96  
LOGGER_UNIFIED2             IPv4       6             4            22635         119592         53363        213.5k  9.30  
LOGGER_JSON_ALERT           IPv4       6             4            38223          68345         48456        193.8k  8.45  
LOGGER_JSON_DNS             IPv4      17             4            40616         862191        279694          1.1m  48.76 
LOGGER_JSON_HTTP            IPv4       6             1           174152         174152        174152        174.2k  7.59  
LOGGER_JSON_TLS             IPv4       6             4            60361          93390         71737        286.9k  12.51 
LOGGER_JSON_FILE            IPv4       6             1           193463         193463        193463        193.5k  8.43  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            76             2629         117354         27707         2.1m  19.05 
payload                           IPv4      17            55             3144          91300         12985       714.2k  6.46  
stream                            IPv4       6            76             2549         508487         49872         3.8m  34.29 
http_uri                          IPv4       6             1            38562          38562         38562        38.6k  0.35  
http_request_line                 IPv4       6             1             8535           8535          8535         8.5k  0.08  
http_client_body                  IPv4       6             1             3596           3596          3596         3.6k  0.03  
http_header (request)             IPv4       6             1            81100          81100         81100        81.1k  0.73  
http_header (request trailer)     IPv4       6             1             2606           2606          2606         2.6k  0.02  
http_header_names (request)       IPv4       6             1            23344          23344         23344        23.3k  0.21  
http_accept (request)             IPv4       6             1             4682           4682          4682         4.7k  0.04  
http_referer (request)            IPv4       6             1             3398           3398          3398         3.4k  0.03  
http_content_len (request)        IPv4       6             1            35479          35479         35479        35.5k  0.32  
http_content_type (request)       IPv4       6             1             3807           3807          3807         3.8k  0.03  
http_protocol (request)           IPv4       6             1             5553           5553          5553         5.6k  0.05  
http_start (request)              IPv4       6             1            18060          18060         18060        18.1k  0.16  
http_raw_header (request)         IPv4       6             1            24523          24523         24523        24.5k  0.22  
http_method                       IPv4       6             1             6755           6755          6755         6.8k  0.06  
http_cookie (request)             IPv4       6             1             4076           4076          4076         4.1k  0.04  
http_raw_uri                      IPv4       6             1             6754           6754          6754         6.8k  0.06  
http_user_agent                   IPv4       6             1            27494          27494         27494        27.5k  0.25  
http_host                         IPv4       6             1            10799          10799         10799        10.8k  0.10  
dns_query                         IPv4      17             2            15533          17143         16338        32.7k  0.30  
tls_sni                           IPv4       6             4             4277         389053        102001       408.0k  3.69  
http_response_line                IPv4       6             1             9966           9966          9966        10.0k  0.09  
http_header (response)            IPv4       6             1            50037          50037         50037        50.0k  0.45  
http_header (response trailer)    IPv4       6             1             3514           3514          3514         3.5k  0.03  
http_content_type (response)      IPv4       6             1             8666           8666          8666         8.7k  0.08  
http_raw_header (response)        IPv4       6            47             4526          14174          5077       238.7k  2.16  
http_cookie (response)            IPv4       6             1             3107           3107          3107         3.1k  0.03  
http_stat_code                    IPv4       6             1             5122           5122          5122         5.1k  0.05  
tls_cert_issuer                   IPv4       6             4             2641           3202          2875        11.5k  0.10  
tls_cert_subject                  IPv4       6             4             3522           7518          5724        22.9k  0.21  
tls_cert_serial                   IPv4       6             4             3487           7327          5569        22.3k  0.20  
file_data (http response)         IPv4       6            46             2579        1491670         71052         3.3m  29.57 
Total                             IPv4                   342                                         32175        11.0m
payload                           IPv6      17             7             3220          19496          6962        48.7k  0.44  
Total                             IPv6                     7                                          6962        48.7k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6            10            10432         393044         73353        733.5k  1.00  
PROF_DETECT_IPONLY          IPv4      17            10            37543          72537         49059        490.6k  0.67  
PROF_DETECT_RULES           IPv4       6           203             2543        1628419         49167         10.0m  13.64 
PROF_DETECT_RULES           IPv4      17            55            44119        2307118        165106          9.1m  12.41 
PROF_DETECT_STATEFUL_START    IPv4       6            32             5122        1316828         89134          2.9m  3.90  
PROF_DETECT_STATEFUL_CONT    IPv4       6           203             2524          36450          7951          1.6m  2.21  
PROF_DETECT_STATEFUL_CONT    IPv4      17            55             2523          52543          3926        216.0k  0.30  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           183             2553          62129          3167        579.6k  0.79  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             4             2732           3717          3069         12.3k  0.02  
PROF_DETECT_PREFILTER       IPv4       6           203             7861       13057230        135512         27.5m  37.59 
PROF_DETECT_PREFILTER       IPv4      17            55            23674         115675         36842          2.0m  2.77  
PROF_DETECT_PF_PAYLOAD      IPv4       6            76            17341         534722         86285          6.6m  8.96  
PROF_DETECT_PF_PAYLOAD      IPv4      17            55             8204          96704         18253          1.0m  1.37  
PROF_DETECT_PF_TX           IPv4       6           183             2586        1505296         28841          5.3m  7.21  
PROF_DETECT_PF_TX           IPv4      17             2            21633          23059         22346         44.7k  0.06  
PROF_DETECT_PF_SORT1        IPv4       6            55             2541           6213          3203        176.2k  0.24  
PROF_DETECT_PF_SORT1        IPv4      17            55             2639           5399          3524        193.8k  0.26  
PROF_DETECT_PF_SORT2        IPv4       6           203             2527           4289          2739        556.2k  0.76  
PROF_DETECT_PF_SORT2        IPv4      17            55             2552           4689          2910        160.1k  0.22  
PROF_DETECT_NONMPMLIST      IPv4       6           203             2565          85642          3529        716.5k  0.98  
PROF_DETECT_NONMPMLIST      IPv4      17            55             2541           4128          2829        155.6k  0.21  
PROF_DETECT_ALERT           IPv4       6           203             2531          15470          2809        570.4k  0.78  
PROF_DETECT_ALERT           IPv4      17            55             2529          16410          2897        159.4k  0.22  
PROF_DETECT_CLEANUP         IPv4       6           203             2582          26219          2933        595.4k  0.81  
PROF_DETECT_CLEANUP         IPv4      17            55             2525           5492          2768        152.3k  0.21  
PROF_DETECT_GETSGH          IPv4       6           203             2527          29882          3511        712.8k  0.97  
PROF_DETECT_GETSGH          IPv4      17            55             2527          27544          3719        204.6k  0.28  
PROF_DETECT_IPONLY          IPv6      17             4             3181           7899          5676         22.7k  0.03  
PROF_DETECT_RULES           IPv6      17             7            33874         146179         51774        362.4k  0.50  
PROF_DETECT_STATEFUL_CONT    IPv6      17             7             2516           2783          2640         18.5k  0.03  
PROF_DETECT_PREFILTER       IPv6      17             7            23827          42132         29581        207.1k  0.28  
PROF_DETECT_PF_PAYLOAD      IPv6      17             7             8284          24807         12172         85.2k  0.12  
PROF_DETECT_PF_SORT1        IPv6      17             7             2632           3995          3001         21.0k  0.03  
PROF_DETECT_PF_SORT2        IPv6      17             7             2559           2838          2659         18.6k  0.03  
PROF_DETECT_NONMPMLIST      IPv6      17             7             2530           2775          2666         18.7k  0.03  
PROF_DETECT_ALERT           IPv6      17             7             2536           2990          2613         18.3k  0.02  
PROF_DETECT_CLEANUP         IPv6      17             7             2545           4629          3154         22.1k  0.03  
PROF_DETECT_GETSGH          IPv6      17             7             2580          21950          7108         49.8k  0.07  


suricata-4.0.0-etpro-all-perf.txt-2019-03-12-T-13-48-14-03122019.1347-6e534b43-3c93-462c-8ee6-174cd031745f.pcap.txt - (24278 bytes)
  --------------------------------------------------------------------------
  Date: 3/12/2019 -- 13:48:14. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2022842      1        5        411977       3.54   1        0        411977      411977.00   0.00        411977.00  
  2        2828876      1        1        433679       3.72   19       0        382868      22825.21    0.00        22825.21   
  3        2820158      1        2        346546       2.98   1        0        346546      346546.00   0.00        346546.00  
  4        2820157      1        2        334518       2.87   1        0        334518      334518.00   0.00        334518.00  
  5        2819930      1        2        596581       5.12   3        0        312460      198860.33   0.00        198860.33  
  6        2819664      1        2        602926       5.18   3        0        289652      200975.33   0.00        200975.33  
  7        2020865      1        3        420649       3.61   4        0        136593      105162.25   0.00        105162.25  
  8        2023476      1        5        313620       2.69   4        0        92964       78405.00    0.00        78405.00   
  9        2803657      1        5        232768       2.00   3        0        91116       77589.33    0.00        77589.33   
  10       2100518      1        8        130216       1.12   16       0        87667       8138.50     0.00        8138.50    
  11       2022535      1        11       313701       2.69   4        0        83909       78425.25    0.00        78425.25   
  12       2022627      1        12       261419       2.24   4        0        70865       65354.75    0.00        65354.75   
  13       2805348      1        4        686791       5.90   15       0        69858       45786.07    0.00        45786.07   
  14       2828823      1        2        146418       1.26   4        4        61471       36604.50    36604.50    0.00       
  15       2821014      1        13       59670        0.51   1        0        59670       59670.00    0.00        59670.00   
  16       2801929      1        7        58049        0.50   1        0        58049       58049.00    0.00        58049.00   
  17       2804927      1        2        53567        0.46   1        0        53567       53567.00    0.00        53567.00   
  18       2024771      1        1        230968       1.98   47       0        49766       4914.21     0.00        4914.21    
  19       2023818      1        2        46891        0.40   1        1        46891       46891.00    46891.00    0.00       
  20       2801930      1        7        44931        0.39   1        0        44931       44931.00    0.00        44931.00   
  21       2802987      1        5        43549        0.37   1        0        43549       43549.00    0.00        43549.00   
  22       2815664      1        3        40492        0.35   1        0        40492       40492.00    0.00        40492.00   
  23       2816356      1        2        34740        0.30   1        0        34740       34740.00    0.00        34740.00   
  24       2008117      1        3        82460        0.71   19       0        32580       4340.00     0.00        4340.00    
  25       2809850      1        2        31431        0.27   1        0        31431       31431.00    0.00        31431.00   
  26       2012707      1        5        30960        0.27   1        0        30960       30960.00    0.00        30960.00   
  27       2022914      1        1        47536        0.41   3        0        30837       15845.33    0.00        15845.33   
  28       2015986      1        5        38335        0.33   4        0        29577       9583.75     0.00        9583.75    
  29       2821615      1        2        28995        0.25   1        0        28995       28995.00    0.00        28995.00   
  30       2806802      1        2        120406       1.03   6        0        28420       20067.67    0.00        20067.67   
  31       2018377      1        3        31383        0.27   2        0        28229       15691.50    0.00        15691.50   
  32       2024909      1        2        46749        0.40   2        0        27547       23374.50    0.00        23374.50   
  33       2020698      1        2        27393        0.24   1        0        27393       27393.00    0.00        27393.00   
  34       2803760      1        3        44504        0.38   2        0        27232       22252.00    0.00        22252.00   
  35       2016948      1        2        78996        0.68   5        0        27204       15799.20    0.00        15799.20   
  36       2807878      1        2        27201        0.23   1        0        27201       27201.00    0.00        27201.00   
  37       2016143      1        3        102036       0.88   6        0        26862       17006.00    0.00        17006.00   
  38       2016537      1        2        287873       2.47   20       0        26693       14393.65    0.00        14393.65   
  39       2810481      1        4        80561        0.69   4        0        25309       20140.25    0.00        20140.25   
  40       2012612      1        16       24187        0.21   1        0        24187       24187.00    0.00        24187.00   
  41       2827279      1        5        23992        0.21   1        0        23992       23992.00    0.00        23992.00   
  42       2022502      1        4        23339        0.20   1        0        23339       23339.00    0.00        23339.00   
  43       2009702      1        5        48842        0.42   4        0        22993       12210.50    0.00        12210.50   
  44       2828008      1        2        22854        0.20   1        0        22854       22854.00    0.00        22854.00   
  45       2014701      1        12       48449        0.42   4        0        22602       12112.25    0.00        12112.25   
  46       2017552      1        6        286666       2.46   21       0        22413       13650.76    0.00        13650.76   
  47       2830036      1        1        22233        0.19   1        0        22233       22233.00    0.00        22233.00   
  48       2816165      1        5        22136        0.19   1        0        22136       22136.00    0.00        22136.00   
  49       2007880      1        7        22114        0.19   1        0        22114       22114.00    0.00        22114.00   
  50       2826256      1        2        22021        0.19   1        0        22021       22021.00    0.00        22021.00   
  51       2829625      1        2        21679        0.19   1        0        21679       21679.00    0.00        21679.00   
  52       2022552      1        2        58377        0.50   3        0        21611       19459.00    0.00        19459.00   
  53       2018667      1        3        21493        0.18   1        0        21493       21493.00    0.00        21493.00   
  54       2806659      1        4        20596        0.18   1        0        20596       20596.00    0.00        20596.00   
  55       2014519      1        7        20333        0.17   1        0        20333       20333.00    0.00        20333.00   
  56       2010140      1        7        221089       1.90   55       0        18301       4019.80     0.00        4019.80    
  57       2022543      1        1        33815        0.29   2        0        17774       16907.50    0.00        16907.50   
  58       2017748      1        6        57508        0.49   4        0        17747       14377.00    0.00        14377.00   
  59       2024650      1        1        84675        0.73   6        0        17581       14112.50    0.00        14112.50   
  60       2019345      1        2        17387        0.15   1        0        17387       17387.00    0.00        17387.00   
  61       2014473      1        5        57394        0.49   4        0        16899       14348.50    0.00        14348.50   
  62       2003068      1        7        26274        0.23   4        0        16765       6568.50     0.00        6568.50    
  63       2018375      1        3        32876        0.28   2        0        16535       16438.00    0.00        16438.00   
  64       2811034      1        1        30874        0.27   4        0        16349       7718.50     0.00        7718.50    
  65       2826281      1        2        31301        0.27   2        0        16155       15650.50    0.00        15650.50   
  66       2824995      1        1        39013        0.33   9        0        16094       4334.78     0.00        4334.78    
  67       2815451      1        2        98715        0.85   8        0        15840       12339.38    0.00        12339.38   
  68       2811542      1        1        33131        0.28   3        0        15415       11043.67    0.00        11043.67   
  69       2019230      1        2        18220        0.16   2        0        15203       9110.00     0.00        9110.00    
  70       2014703      1        9        35959        0.31   4        0        15074       8989.75     0.00        8989.75    
  71       2102523      1        8        38870        0.33   9        0        15035       4318.89     0.00        4318.89    
  72       2819694      1        2        14917        0.13   1        0        14917       14917.00    0.00        14917.00   
  73       2807531      1        3        24650        0.21   2        0        14877       12325.00    0.00        12325.00   
  74       2811544      1        1        17819        0.15   2        0        14509       8909.50     0.00        8909.50    
  75       2014702      1        9        33681        0.29   4        0        14363       8420.25     0.00        8420.25    
  76       2811577      1        2        16959        0.15   2        0        13973       8479.50     0.00        8479.50    
  77       2805211      1        1        26098        0.22   3        0        10090       8699.33     0.00        8699.33    
  78       2822213      1        2        13918        0.12   4        0        4535        3479.50     0.00        3479.50    
  79       2010143      1        3        151712       1.30   55       0        4234        2758.40     0.00        2758.40    
  80       2009387      1        4        25546        0.22   8        0        4207        3193.25     0.00        3193.25    
  81       2018382      1        8        8146         0.07   2        0        4185        4073.00     0.00        4073.00    
  82       2008116      1        4        46187        0.40   16       0        4114        2886.69     0.00        2886.69    
  83       2008306      1        3        22998        0.20   8        0        4072        2874.75     0.00        2874.75    
  84       2102330      1        3        4052         0.03   1        0        4052        4052.00     0.00        4052.00    
  85       2018373      1        3        7585         0.07   2        0        3995        3792.50     0.00        3792.50    
  86       2102110      1        4        3986         0.03   1        0        3986        3986.00     0.00        3986.00    
  87       2809256      1        3        24586        0.21   8        0        3945        3073.25     0.00        3073.25    
  88       2801347      1        5        44023        0.38   16       0        3898        2751.44     0.00        2751.44    
  89       2018281      1        4        13050        0.11   4        0        3892        3262.50     0.00        3262.50    
  90       2804586      1        2        3879         0.03   1        0        3879        3879.00     0.00        3879.00    
  91       2016363      1        2        14639        0.13   5        0        3870        2927.80     0.00        2927.80    
  92       2024778      1        1        13482        0.12   4        0        3839        3370.50     0.00        3370.50    
  93       2019313      1        3        6811         0.06   2        0        3833        3405.50     0.00        3405.50    
  94       2802205      1        3        44640        0.38   16       0        3822        2790.00     0.00        2790.00    
  95       2019016      1        3        43814        0.38   16       0        3750        2738.38     0.00        2738.38    
  96       2010142      1        4        145457       1.25   55       0        3737        2644.67     0.00        2644.67    
  97       2022547      1        1        41333        0.35   14       0        3732        2952.36     0.00        2952.36    
  98       2021976      1        2        12881        0.11   4        0        3706        3220.25     0.00        3220.25    
  99       2001330      1        8        166158       1.43   61       0        3667        2723.90     0.00        2723.90    
  100      2821129      1        2        22827        0.20   8        0        3651        2853.38     0.00        2853.38    
  101      2025200      1        1        12117        0.10   4        0        3649        3029.25     0.00        3029.25    
  102      2100327      1        10       15648        0.13   5        0        3636        3129.60     0.00        3129.60    
  103      2021978      1        6        11329        0.10   4        0        3605        2832.25     0.00        2832.25    
  104      2009984      1        2        6907         0.06   2        0        3581        3453.50     0.00        3453.50    
  105      2019011      1        3        44305        0.38   16       0        3579        2769.06     0.00        2769.06    
  106      2019017      1        3        40884        0.35   15       0        3572        2725.60     0.00        2725.60    
  107      2806561      1        5        13324        0.11   4        0        3556        3331.00     0.00        3331.00    
  108      2008297      1        5        3547         0.03   1        0        3547        3547.00     0.00        3547.00    
  109      2009243      1        2        35363        0.30   12       0        3540        2946.92     0.00        2946.92    
  110      2017548      1        6        6355         0.05   2        0        3525        3177.50     0.00        3177.50    
  111      2024777      1        2        39489        0.34   14       0        3523        2820.64     0.00        2820.64    
  112      2002994      1        7        12019        0.10   4        0        3520        3004.75     0.00        3004.75    
  113      2809132      1        1        12614        0.11   4        0        3511        3153.50     0.00        3153.50    
  114      2823788      1        4        6795         0.06   2        0        3505        3397.50     0.00        3397.50    
  115      2013739      1        15       141066       1.21   53       0        3503        2661.62     0.00        2661.62    
  116      2811447      1        2        6136         0.05   2        0        3500        3068.00     0.00        3068.00    
  117      2001582      1        15       12334        0.11   4        0        3499        3083.50     0.00        3083.50    
  118      2023617      1        3        19183        0.16   7        0        3494        2740.43     0.00        2740.43    
  119      2022132      1        1        6285         0.05   2        0        3492        3142.50     0.00        3142.50    
  120      2006447      1        13       3490         0.03   1        0        3490        3490.00     0.00        3490.00    
  121      2001219      1        20       12497        0.11   4        0        3487        3124.25     0.00        3124.25    
  122      2807546      1        6        13173        0.11   4        0        3479        3293.25     0.00        3293.25    
  123      2103238      1        4        12110        0.10   4        0        3470        3027.50     0.00        3027.50    
  124      2008420      1        4        6873         0.06   2        0        3465        3436.50     0.00        3436.50    
  125      2100660      1        13       3

This file has been truncated. Go here to download in full.


stats.log - (3437 bytes) - download
------------------------------------------------------------------------------------
Date: 3/12/2019 -- 13:48:14 (uptime: 0d, 00h 00m 02s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 398
decoder.bytes                              | Total                     | 140044
decoder.ipv4                               | Total                     | 253
decoder.ipv6                               | Total                     | 7
decoder.ethernet                           | Total                     | 398
decoder.tcp                                | Total                     | 198
decoder.udp                                | Total                     | 62
decoder.avg_pkt_size                       | Total                     | 351
decoder.max_pkt_size                       | Total                     | 1260
flow.tcp                                   | Total                     | 5
flow.udp                                   | Total                     | 12
tcp.sessions                               | Total                     | 5
tcp.syn                                    | Total                     | 5
tcp.synack                                 | Total                     | 5
tcp.rst                                    | Total                     | 1
tcp.overlap                                | Total                     | 1
detect.alert                               | Total                     | 4
detect.mpm_list                            | Total                     | 4
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 5
app_layer.flow.http                        | Total                     | 1
app_layer.tx.http                          | Total                     | 1
app_layer.flow.tls                         | Total                     | 4
app_layer.flow.dns_udp                     | Total                     | 2
app_layer.tx.dns_udp                       | Total                     | 2
app_layer.flow.failed_udp                  | Total                     | 10
flow_mgr.new_pruned                        | Total                     | 10
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 7
flow_mgr.flows_notimeout                   | Total                     | 2
flow_mgr.flows_timeout                     | Total                     | 5
flow_mgr.flows_timeout_inuse               | Total                     | 3
flow_mgr.flows_removed                     | Total                     | 2
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_skipped                      | Total                     | 65521
flow_mgr.rows_empty                        | Total                     | 8
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7076896


eve.json - (7386 bytes) - download
{"timestamp":"2019-03-12T02:31:57.127094+0000","flow_id":1317593325367414,"pcap_cnt":112,"event_type":"dns","src_ip":"192.168.100.162","src_port":53952,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":24000,"rrname":"functiondiscovery.net","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-12T02:31:57.169243+0000","flow_id":1317593325367414,"pcap_cnt":113,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.162","dest_port":53952,"proto":"UDP","dns":{"type":"answer","id":24000,"rcode":"NOERROR","rrname":"functiondiscovery.net","rrtype":"A","ttl":899,"rdata":"185.216.35.182"}}
{"timestamp":"2019-03-12T02:31:57.320263+0000","flow_id":1731574485600090,"pcap_cnt":120,"event_type":"tls","src_ip":"192.168.100.162","src_port":50047,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T02:31:57.387073+0000","flow_id":1731574485600090,"pcap_cnt":121,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.162","dest_port":50047,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T02:31:57.495609+0000","flow_id":2107744901238777,"pcap_cnt":122,"event_type":"dns","src_ip":"192.168.100.162","src_port":53937,"dest_ip":"192.168.100.2","dest_port":53,"proto":"UDP","dns":{"type":"query","id":38426,"rrname":"www.download.windowsupdate.com","rrtype":"A","tx_id":0}}
{"timestamp":"2019-03-12T02:31:57.534322+0000","flow_id":2107744901238777,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.162","dest_port":53937,"proto":"UDP","dns":{"type":"answer","id":38426,"rcode":"NOERROR","rrname":"www.download.windowsupdate.com","rrtype":"CNAME","ttl":2853,"rdata":"2-01-3cf7-0009.cdx.cedexis.net"}}
{"timestamp":"2019-03-12T02:31:57.534322+0000","flow_id":2107744901238777,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.162","dest_port":53937,"proto":"UDP","dns":{"type":"answer","id":38426,"rcode":"NOERROR","rrname":"2-01-3cf7-0009.cdx.cedexis.net","rrtype":"CNAME","ttl":239,"rdata":"wu.azureedge.net"}}
{"timestamp":"2019-03-12T02:31:57.534322+0000","flow_id":2107744901238777,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.162","dest_port":53937,"proto":"UDP","dns":{"type":"answer","id":38426,"rcode":"NOERROR","rrname":"wu.azureedge.net","rrtype":"CNAME","ttl":1115,"rdata":"wu.ec.azureedge.net"}}
{"timestamp":"2019-03-12T02:31:57.534322+0000","flow_id":2107744901238777,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.162","dest_port":53937,"proto":"UDP","dns":{"type":"answer","id":38426,"rcode":"NOERROR","rrname":"wu.ec.azureedge.net","rrtype":"CNAME","ttl":299,"rdata":"wu.wpc.apr-52dd2.edgecastdns.net"}}
{"timestamp":"2019-03-12T02:31:57.534322+0000","flow_id":2107744901238777,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.162","dest_port":53937,"proto":"UDP","dns":{"type":"answer","id":38426,"rcode":"NOERROR","rrname":"wu.wpc.apr-52dd2.edgecastdns.net","rrtype":"CNAME","ttl":299,"rdata":"hlb.apr-52dd2-0.edgecastdns.net"}}
{"timestamp":"2019-03-12T02:31:57.534322+0000","flow_id":2107744901238777,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.162","dest_port":53937,"proto":"UDP","dns":{"type":"answer","id":38426,"rcode":"NOERROR","rrname":"hlb.apr-52dd2-0.edgecastdns.net","rrtype":"CNAME","ttl":299,"rdata":"cs11.wpc.v0cdn.net"}}
{"timestamp":"2019-03-12T02:31:57.534322+0000","flow_id":2107744901238777,"pcap_cnt":123,"event_type":"dns","src_ip":"192.168.100.2","src_port":53,"dest_ip":"192.168.100.162","dest_port":53937,"proto":"UDP","dns":{"type":"answer","id":38426,"rcode":"NOERROR","rrname":"cs11.wpc.v0cdn.net","rrtype":"A","ttl":3599,"rdata":"93.184.221.240"}}
{"timestamp":"2019-03-12T02:31:57.636198+0000","flow_id":1011003527342712,"pcap_cnt":197,"event_type":"http","src_ip":"192.168.100.162","src_port":50053,"dest_ip":"93.184.221.240","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed"}}
{"timestamp":"2019-03-12T02:31:59.395930+0000","flow_id":351537068973524,"pcap_cnt":221,"event_type":"tls","src_ip":"192.168.100.162","src_port":50081,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T02:31:59.461569+0000","flow_id":351537068973524,"pcap_cnt":222,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.162","dest_port":50081,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T02:32:00.701455+0000","flow_id":908469773323480,"pcap_cnt":239,"event_type":"tls","src_ip":"192.168.100.162","src_port":50101,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T02:32:00.768115+0000","flow_id":908469773323480,"pcap_cnt":240,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.162","dest_port":50101,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T02:33:32.704671+0000","flow_id":759561115720435,"pcap_cnt":358,"event_type":"tls","src_ip":"192.168.100.162","src_port":51352,"dest_ip":"185.216.35.182","dest_port":8443,"proto":"TCP","tls":{"subject":"C=US","issuerdn":"C=US"}}
{"timestamp":"2019-03-12T02:33:32.768076+0000","flow_id":759561115720435,"pcap_cnt":359,"event_type":"alert","src_ip":"185.216.35.182","src_port":8443,"dest_ip":"192.168.100.162","dest_port":51352,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2828823,"rev":2,"signature":"ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire)","category":"A Network Trojan was detected","severity":1},"app_proto":"tls"}
{"timestamp":"2019-03-12T02:34:29.820213+0000","flow_id":1011003527342712,"event_type":"fileinfo","src_ip":"93.184.221.240","src_port":80,"dest_ip":"192.168.100.162","dest_port":50053,"proto":"TCP","http":{"hostname":"www.download.windowsupdate.com","url":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","http_user_agent":"Microsoft-CryptoAPI\/6.1","http_content_type":"application\/vnd.ms-cab-compressed","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":56560},"app_proto":"http","fileinfo":{"filename":"\/msdownload\/update\/v3\/static\/trustedr\/en\/authrootstl.cab","gaps":false,"state":"CLOSED","stored":false,"size":56560,"tx_id":0}}


unified2.alert.1552398492 - (4052 bytes) - download


keyword_perf.log - (10448 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 3/12/2019 -- 13:48:14
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             366681          120             120             5984            3055.00         3055.00         0.00           
  content          2281294         258             139             156347          8842.00         11688.00        5517.00        
  pcre             613616          40              26              398999          15340.00        4748.00         35010.00       
  byte_test        263774          87              63              7649            3031.00         3009.00         3091.00        
  byte_jump        48221           16              16              4125            3013.00         3013.00         0.00           
  isdataat         6419            2               0               3564            3209.00         0.00            3209.00        
  flowbits         96497           28              1               15520           3446.00         7461.00         3297.00        
  urilen           9204            3               1               3100            3068.00         3100.00         3052.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             366681          120             120             5984            3055.00         3055.00         0.00           
  flowbits         89036           27              0               15520           3297.00         0.00            3297.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          874186          183             106             33149           4776.00         4892.00         4617.00        
  pcre             531862          27              25              398999          19698.00        4684.00         207371.00      
  byte_test        263774          87              63              7649            3031.00         3009.00         3091.00        
  byte_jump        44351           15              15              4125            2956.00         2956.00         0.00           
  isdataat         6419            2               0               3564            3209.00         0.00            3209.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         7461            1               1               7461            7461.00         7461.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          14664           4               1               4329            3666.00         4329.00         3445.00        
  urilen           9204            3               1               3100            3068.00         3100.00         3052.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_response_line
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          3690            1               0               3690            3690.00         0.00            3690.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: file_data
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1282068         43              16              156347          29815.00        64910.00        9018.00        
  pcre             62016           11              0               19434           5637.00         0.00            5637.00        
  byte_jump        3870            1               1               3870            3870.00         3870.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          57905           13              7               6303            4454.00         4791.00         4060.00        
  pcre             19738           2               1               13391           9869.00         6347.00         13391.00       
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          16219           4               0               5327            4054.00         0.00            4054.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          2980            1               0               2980            2980.00         0.00            2980.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_stat_code
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          4019            1               1               4019            4019.00         4019.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: tls_cert_subject
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          25563           8               8               4058            3195.00         3195.00         0.00           


suricata-report-2019-03-12-T-13-48-14-03122019.1347-6e534b43-3c93-462c-8ee6-174cd031745f.pcap.txt - (17708 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/b1c703dd8193ec45ba9f990ee65fc49856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03122019.1347-6e534b43-3c93-462c-8ee6-174cd031745f.pcap -vvv -k none
elapsedtime:21.444246
stderr:
stdout:
12/3/2019 -- 13:47:52 - <Info> - Configuration node 'rule-files' redefined.
12/3/2019 -- 13:47:52 - <Notice> - This is Suricata version 4.0.0 RELEASE
12/3/2019 -- 13:47:52 - <Info> - CPUs/cores online: 1
12/3/2019 -- 13:47:52 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33403 and 'request-body-inspect-window' set to 15797 after randomization.
12/3/2019 -- 13:47:52 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31509 and 'response-body-inspect-window' set to 16597 after randomization.
12/3/2019 -- 13:47:52 - <Config> - DNS request flood protection level: 500
12/3/2019 -- 13:47:52 - <Config> - DNS per flow memcap (state-memcap): 524288
12/3/2019 -- 13:47:52 - <Config> - DNS global memcap: 16777216
12/3/2019 -- 13:47:52 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
12/3/2019 -- 13:47:52 - <Config> - preallocated 1000 hosts of size 136
12/3/2019 -- 13:47:52 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
12/3/2019 -- 13:47:52 - <Config> - using magic-file /usr/share/file/magic
12/3/2019 -- 13:47:52 - <Config> - Core dump size is unlimited.
12/3/2019 -- 13:47:52 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
12/3/2019 -- 13:47:52 - <Config> - preallocated 1000 defrag trackers of size 168
12/3/2019 -- 13:47:52 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
12/3/2019 -- 13:47:52 - <Config> - stream "prealloc-sessions": 2048 (per thread)
12/3/2019 -- 13:47:52 - <Config> - stream "memcap": 33554432
12/3/2019 -- 13:47:52 - <Config> - stream "midstream" session pickups: disabled
12/3/2019 -- 13:47:52 - <Config> - stream "async-oneside": disabled
12/3/2019 -- 13:47:52 - <Config> - stream "checksum-validation": disabled
12/3/2019 -- 13:47:52 - <Config> - stream."inline": disabled
12/3/2019 -- 13:47:52 - <Config> - stream "bypass": disabled
12/3/2019 -- 13:47:52 - <Config> - stream "max-synack-queued": 5
12/3/2019 -- 13:47:52 - <Config> - stream.reassembly "memcap": 134217728
12/3/2019 -- 13:47:52 - <Config> - stream.reassembly "depth": 0
12/3/2019 -- 13:47:52 - <Config> - stream.reassembly "toserver-chunk-size": 2460
12/3/2019 -- 13:47:52 - <Config> - stream.reassembly "toclient-chunk-size": 2565
12/3/2019 -- 13:47:52 - <Config> - stream.reassembly.raw: enabled
12/3/2019 -- 13:47:52 - <Config> - stream.reassembly "segment-prealloc": 2048
12/3/2019 -- 13:47:52 - <Config> - Delayed detect disabled
12/3/2019 -- 13:47:52 - <Config> - pattern matchers: MPM: ac, SPM: bm
12/3/2019 -- 13:47:52 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
12/3/2019 -- 13:47:52 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
12/3/2019 -- 13:47:52 - <Config> - prefilter engines: MPM
12/3/2019 -- 13:47:52 - <Config> - IP reputation disabled
12/3/2019 -- 13:47:52 - <Perf> - Registered 148 keyword profiling counters.
12/3/2019 -- 13:47:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
12/3/2019 -- 13:47:52 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
12/3/2019 -- 13:47:53 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
12/3/2019 -- 13:47:57 - <Config> - No rules loaded from ET-icmp.rules.
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
12/3/2019 -- 13:47:57 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
12/3/2019 -- 13:47:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
12/3/2019 -- 13:47:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
12/3/2019 -- 13:47:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
12/3/2019 -- 13:47:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
12/3/2019 -- 13:47:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
12/3/2019 -- 13:48:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
12/3/2019 -- 13:48:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
12/3/2019 -- 13:48:01 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
12/3/2019 -- 13:48:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
12/3/2019 -- 13:48:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
12/3/2019 -- 13:48:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
12/3/2019 -- 13:48:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
12/3/2019 -- 13:48:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
12/3/2019 -- 13:48:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
12/3/2019 -- 13:48:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
12/3/2019 -- 13:48:05 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
12/3/2019 -- 13:48:05 - <Config> - No rules loaded from local.rules.
12/3/2019 -- 13:48:05 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
12/3/2019 -- 13:48:05 - <Info> - Threshold config parsed: 0 rule(s) found
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for tcp-packet
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for tcp-stream
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for udp-packet
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for other-ip
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_uri
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_request_line
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_client_body
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_response_line
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_header
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_header
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_header_names
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_header_names
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_accept
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_accept_enc
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_accept_lang
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_referer
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_connection
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_content_len
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_content_len
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_content_type
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_content_type
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_protocol
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_protocol
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_start
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_start
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_raw_header
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_raw_header
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_method
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_cookie
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_cookie
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_raw_uri
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_user_agent
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_host
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_raw_host
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_stat_msg
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_stat_code
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for dns_query
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for tls_sni
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for tls_cert_issuer
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for tls_cert_subject
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for tls_cert_serial
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for dce_stub_data
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for dce_stub_data
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for ssh_protocol
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for ssh_protocol
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for ssh_software
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for ssh_software
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for file_data
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for file_data
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_request_line
12/3/2019 -- 13:48:05 - <Perf> - using shared mpm ctx' for http_response_line
12/3/2019 -- 13:48:05 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
12/3/2019 -- 13:48:05 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
12/3/2019 -- 13:48:06 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
12/3/2019 -- 13:48:06 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
12/3/2019 -- 13:48:06 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
12/3/2019 -- 13:48:06 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
12/3/2019 -- 13:48:06 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
12/3/2019 -- 13:48:06 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
12/3/2019 -- 13:48:10 - <Perf> - Unique rule groups: 104
12/3/2019 -- 13:48:10 - <Perf> - Builtin MPM "toserver TCP packet": 35
12/3/2019 -- 13:48:10 - <Perf> - Builtin MPM "toclient TCP packet": 17
12/3/2019 -- 13:48:10 - <Perf> - Builtin MPM "toserver TCP stream": 33
12/3/2019 -- 13:48:10 - <Perf> - Builtin MPM "toclient TCP stream": 19
12/3/2019 -- 13:48:10 - <Perf> - Builtin MPM "toserver UDP packet": 27
12/3/2019 -- 13:48:10 - <Perf> - Builtin MPM "toclient UDP packet": 17
12/3/2019 -- 13:48:10 - <Perf> - Builtin MPM "other IP packet": 3
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_uri": 14
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_request_line": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_client_body": 6
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient http_response_line": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_header": 10
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient http_header": 6
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_header_names": 2
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_accept": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_referer": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_content_len": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_content_type": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient http_content_type": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_protocol": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_start": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_method": 5
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_cookie": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient http_cookie": 2
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver http_host": 2
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver dns_query": 4
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver tls_sni": 2
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toserver file_data": 1
12/3/2019 -- 13:48:10 - <Perf> - AppLayer MPM "toclient file_data": 7
12/3/2019 -- 13:48:12 - <Perf> - Registered 39590 rule profiling counters.
12/3/2019 -- 13:48:12 - <Info> - fast output device (regular) initialized: alert
12/3/2019 -- 13:48:12 - <Info> - eve-log output device (regular) initialized: eve.json
12/3/2019 -- 13:48:12 - <Config> - enabling 'eve-log' module 'alert'
12/3/2019 -- 13:48:12 - <Config> - enabling 'eve-log' module 'http'
12/3/2019 -- 13:48:12 - <Config> - enabling 'eve-log' module 'dns'
12/3/2019 -- 13:48:12 - <Config> - enabling 'eve-log' module 'tls'
12/3/2019 -- 13:48:12 - <Config> - enabling 'eve-log' module 'files'
12/3/2019 -- 13:48:12 - <Config> - enabling 'eve-log' module 'ssh'
12/3/2019 -- 13:48:12 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
12/3/2019 -- 13:48:12 - <Info> - stats output device (regular) initialized: stats.log
12/3/2019 -- 13:48:12 - <Config> - AutoFP mode using "Hash" flow load balancer
12/3/2019 -- 13:48:12 - <Info> - reading pcap file /var/pcap/03122019.1347-6e534b43-3c93-462c-8ee6-174cd031745f.pcap
12/3/2019 -- 13:48:12 - <Config> - us

This file has been truncated.


suricata-4.0.0-etpro-all-alert-2019-03-12-T-13-48-14-03122019.1347-6e534b43-3c93-462c-8ee6-174cd031745f.pcap.txt - (940 bytes)
03/12/2019-02:31:57.387073  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.162:50047
03/12/2019-02:31:59.461569  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.162:50081
03/12/2019-02:32:00.768115  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.162:50101
03/12/2019-02:33:32.768076  [**] [1:2828823:2] ETPRO TROJAN Observed Possible Malicious SSL Cert (Powershell Empire) [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 185.216.35.182:8443 -> 192.168.100.162:51352


IDSDeathBlossom.py.log - (1176 bytes)
2019-03-12 13:47:52,128 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-03-12 13:47:52,835 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-03-12 13:47:52,835 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-03-12 13:47:52,835 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-03-12 13:47:52,835 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-03-12 13:47:52,836 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/b1c703dd8193ec45ba9f990ee65fc49856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/03122019.1347-6e534b43-3c93-462c-8ee6-174cd031745f.pcap -vvv -k none
2019-03-12 13:48:14,283 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-03-12 13:48:14,283 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.1628010273