Filename: hacked_site_setAdsCookie.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 23.8321151733 seconds
Hash: b536aaf4319bb6341ffece74f73254ae
Uploaded: 1571399427

Logfiles


packet_stats.log - (8635 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            80          3883512       99738538      52510754          4.2b  100.00
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            80           123098       11412564       1203491         96.3m   98.86
TMM_RECEIVEPCAPFILE         IPv4       6            80             4442          39312          8299        664.0k    0.68
TMM_DECODEPCAPFILE          IPv4       6            80             4566          41462          5600        448.0k    0.46

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            80             4930         430356         12610          1.0m  1.28  
stream                  IPv4       6            80             5996         921558         50971          4.1m  5.18  
detect                  IPv4       6            80            78940       10172294        902675         72.2m  91.82 
tcp-prune               IPv4       6            80             4478         847466         16856          1.3m  1.71  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3            22408          84726         47610        142.8k  100.00

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_JSON_HTTP            IPv4       6             3           221394         710202        512346          1.5m  53.27 
LOGGER_JSON_FILE            IPv4       6             3            89024        1143814        449388          1.3m  46.73 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6            34             4540         601880        146017         5.0m  12.19 
stream                            IPv4       6            34             4432        9869804        604875        20.6m  50.48 
http_uri                          IPv4       6             3             8634          62074         28194        84.6k  0.21  
http_request_line                 IPv4       6             3            13100          19314         16781        50.3k  0.12  
http_client_body                  IPv4       6             3             5700         843748        285674       857.0k  2.10  
http_header (request)             IPv4       6             3           211382         533984        331362       994.1k  2.44  
http_header (request trailer)     IPv4       6             3             4516           4716          4582        13.7k  0.03  
http_header_names (request)       IPv4       6             3            34360         463376        179577       538.7k  1.32  
http_accept (request)             IPv4       6             3            12130          29832         20248        60.7k  0.15  
http_referer (request)            IPv4       6             3             5650           7572          6332        19.0k  0.05  
http_content_len (request)        IPv4       6             3             6538          12214          8492        25.5k  0.06  
http_content_type (request)       IPv4       6             3             6188           7106          6516        19.5k  0.05  
http_protocol (request)           IPv4       6             3             9312          10870         10082        30.2k  0.07  
http_start (request)              IPv4       6             3            30478         879512        315990       948.0k  2.33  
http_raw_header (request)         IPv4       6             3            31354          40236         34973       104.9k  0.26  
http_method                       IPv4       6             3            10988          13536         12010        36.0k  0.09  
http_cookie (request)             IPv4       6             3             5460          12560          8046        24.1k  0.06  
http_raw_uri                      IPv4       6             3             5282          10990          7221        21.7k  0.05  
http_user_agent                   IPv4       6             3            69552          79644         75933       227.8k  0.56  
http_host                         IPv4       6             3             9384          12268         11104        33.3k  0.08  
http_response_line                IPv4       6             3            11002          12322         11456        34.4k  0.08  
http_header (response)            IPv4       6            13             4622         473900         50432       655.6k  1.61  
http_header (response trailer)    IPv4       6             3             4524           6008          5340        16.0k  0.04  
http_content_type (response)      IPv4       6            13             4676          26472          9831       127.8k  0.31  
http_raw_header (response)        IPv4       6            15             6776          18144          9560       143.4k  0.35  
http_cookie (response)            IPv4       6            13             4576           6046          4972        64.6k  0.16  
http_stat_code                    IPv4       6            13             4622           7340          5638        73.3k  0.18  
file_data (http response)         IPv4       6            12             5272        6391308        833856        10.0m  24.56 
Total                             IPv4                   207                                        196817        40.7m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             6             5326         220840         52277        313.7k  0.29  
PROF_DETECT_RULES           IPv4       6            80             4676        1378198        117568          9.4m  8.74  
PROF_DETECT_STATEFUL_CONT    IPv4       6            80             4506         209412         13139          1.1m  0.98  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            65             4434         428196         11569        752.0k  0.70  
PROF_DETECT_PREFILTER       IPv4       6            80            14178       10046572        591491         47.3m  43.98 
PROF_DETECT_PF_PAYLOAD      IPv4       6            34            25334        9890070        766284         26.1m  24.21 
PROF_DETECT_PF_TX           IPv4       6            65             4548        6417838        270990         17.6m  16.37 
PROF_DETECT_PF_SORT1        IPv4       6            32             4486         432908         19946        638.3k  0.59  
PROF_DETECT_PF_SORT2        IPv4       6            80             4410          76478          7324        586.0k  0.54  
PROF_DETECT_NONMPMLIST      IPv4       6            80             4464         832008         20794          1.7m  1.55  
PROF_DETECT_ALERT           IPv4       6            80             4416          21600          5169        413.5k  0.38  
PROF_DETECT_CLEANUP         IPv4       6            80             4456          32644          6168        493.5k  0.46  
PROF_DETECT_GETSGH          IPv4       6            80             4454         826566         16119          1.3m  1.20  


suricata-4.0.0-etpro-all-perf.txt-2019-10-18-T-11-50-51-10182019.1150-hacked_site_setAdsCookie.pcap.txt - (18519 bytes)
  --------------------------------------------------------------------------
  Date: 10/18/2019 -- 11:50:51. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2810793      1        5        918650       17.50  3        0        908818      306216.67   0.00        306216.67  
  2        2804586      1        2        873352       16.63  3        0        861256      291117.33   0.00        291117.33  
  3        2820928      1        2        463472       8.83   3        0        453226      154490.67   0.00        154490.67  
  4        2010513      1        5        454278       8.65   5        0        428056      90855.60    0.00        90855.60   
  5        2816857      1        2        436750       8.32   3        0        424662      145583.33   0.00        145583.33  
  6        2807130      1        4        25992        0.50   1        0        25992       25992.00    0.00        25992.00   
  7        2815907      1        4        21640        0.41   1        0        21640       21640.00    0.00        21640.00   
  8        2020747      1        8        27034        0.51   3        0        13756       9011.33     0.00        9011.33    
  9        2828986      1        2        43684        0.83   6        0        13586       7280.67     0.00        7280.67    
  10       2103070      1        3        23818        0.45   3        0        12160       7939.33     0.00        7939.33    
  11       2016537      1        2        158100       3.01   28       0        9372        5646.43     0.00        5646.43    
  12       2017774      1        9        8484         0.16   1        0        8484        8484.00     0.00        8484.00    
  13       2008420      1        4        38474        0.73   6        0        7722        6412.33     0.00        6412.33    
  14       2828008      1        2        19588        0.37   3        0        7596        6529.33     0.00        6529.33    
  15       2828877      1        1        91482        1.74   16       0        7490        5717.62     0.00        5717.62    
  16       2016948      1        2        22070        0.42   4        0        7416        5517.50     0.00        5517.50    
  17       2102523      1        8        19950        0.38   3        0        7402        6650.00     0.00        6650.00    
  18       2827279      1        5        20782        0.40   3        0        7374        6927.33     0.00        6927.33    
  19       2820811      1        2        17518        0.33   3        0        7242        5839.33     0.00        5839.33    
  20       2102523      1        8        17966        0.34   3        0        7194        5988.67     0.00        5988.67    
  21       2802876      1        3        52120        0.99   10       0        7140        5212.00     0.00        5212.00    
  22       2804626      1        9        19316        0.37   3        0        7086        6438.67     0.00        6438.67    
  23       2826256      1        2        19114        0.36   3        0        7062        6371.33     0.00        6371.33    
  24       2018342      1        2        11932        0.23   2        0        6956        5966.00     0.00        5966.00    
  25       2816102      1        4        6880         0.13   1        0        6880        6880.00     0.00        6880.00    
  26       2018259      1        10       6868         0.13   1        0        6868        6868.00     0.00        6868.00    
  27       2806802      1        2        22508        0.43   4        0        6768        5627.00     0.00        5627.00    
  28       2820855      1        3        17210        0.33   3        0        6734        5736.67     0.00        5736.67    
  29       2020297      1        2        17604        0.34   3        0        6650        5868.00     0.00        5868.00    
  30       2010515      1        6        29196        0.56   5        0        6648        5839.20     0.00        5839.20    
  31       2023083      1        2        18172        0.35   3        0        6628        6057.33     0.00        6057.33    
  32       2019403      1        1        24880        0.47   4        0        6612        6220.00     0.00        6220.00    
  33       2020965      1        2        17074        0.33   3        0        6610        5691.33     0.00        5691.33    
  34       2829848      1        2        32836        0.63   6        0        6568        5472.67     0.00        5472.67    
  35       2012970      1        2        6550         0.12   1        0        6550        6550.00     0.00        6550.00    
  36       2017134      1        5        6502         0.12   1        0        6502        6502.00     0.00        6502.00    
  37       2101529      1        12       17672        0.34   3        0        6434        5890.67     0.00        5890.67    
  38       2824134      1        5        6342         0.12   1        0        6342        6342.00     0.00        6342.00    
  39       2816449      1        2        6296         0.12   1        0        6296        6296.00     0.00        6296.00    
  40       2024650      1        1        6282         0.12   1        0        6282        6282.00     0.00        6282.00    
  41       2807284      1        4        18112        0.34   3        0        6282        6037.33     0.00        6037.33    
  42       2017072      1        3        6270         0.12   1        0        6270        6270.00     0.00        6270.00    
  43       2809272      1        1        11828        0.23   2        0        6266        5914.00     0.00        5914.00    
  44       2811668      1        6        6224         0.12   1        0        6224        6224.00     0.00        6224.00    
  45       2806131      1        3        18412        0.35   3        0        6220        6137.33     0.00        6137.33    
  46       2820931      1        2        16632        0.32   3        0        6212        5544.00     0.00        5544.00    
  47       2019189      1        2        6204         0.12   1        0        6204        6204.00     0.00        6204.00    
  48       2018067      1        3        18460        0.35   3        0        6204        6153.33     0.00        6153.33    
  49       2024771      1        1        18340        0.35   3        0        6164        6113.33     0.00        6113.33    
  50       2100540      1        12       34058        0.65   6        0        6154        5676.33     0.00        5676.33    
  51       2825505      1        1        6146         0.12   1        0        6146        6146.00     0.00        6146.00    
  52       2810614      1        3        6100         0.12   1        0        6100        6100.00     0.00        6100.00    
  53       2823339      1        2        6098         0.12   1        0        6098        6098.00     0.00        6098.00    
  54       2802880      1        3        27582        0.53   5        0        6096        5516.40     0.00        5516.40    
  55       2815269      1        2        6092         0.12   1        0        6092        6092.00     0.00        6092.00    
  56       2100361      1        17       16706        0.32   3        0        6072        5568.67     0.00        5568.67    
  57       2821384      1        2        6000         0.11   1        0        6000        6000.00     0.00        6000.00    
  58       2815475      1        6        5994         0.11   1        0        5994        5994.00     0.00        5994.00    
  59       2100540      1        12       32670        0.62   6        0        5984        5445.00     0.00        5445.00    
  60       2816382      1        1        17292        0.33   3        0        5974        5764.00     0.00        5764.00    
  61       2809481      1        1        33308        0.63   6        0        5974        5551.33     0.00        5551.33    
  62       2828190      1        2        16938        0.32   3        0        5974        5646.00     0.00        5646.00    
  63       2021702      1        1        11612        0.22   2        0        5966        5806.00     0.00        5806.00    
  64       2017552      1        6        153496       2.92   31       0        5960        4951.48     0.00        4951.48    
  65       2021276      1        4        5956         0.11   1        0        5956        5956.00     0.00        5956.00    
  66       2816165      1        5        17766        0.34   3        0        5940        5922.00     0.00        5922.00    
  67       2018768      1        2        32410        0.62   6        0        5938        5401.67     0.00        5401.67    
  68       2025185      1        3        5938         0.11   1        0        5938        5938.00     0.00        5938.00    
  69       2806926      1        3        5922         0.11   1        0        5922        5922.00     0.00        5922.00    
  70       2828876      1        1        34500        0.66   6        0        5920        5750.00     0.00        5750.00    
  71       2829018      1        1        5916         0.11   1        0        5916        5916.00     0.00        5916.00    
  72       2821562      1        3        11534        0.22   2        0        5914        5767.00     0.00        5767.00    
  73       2811447      1        2        16244        0.31   3        0        5914        5414.67     0.00        5414.67    
  74       2829230      1        2        5906         0.11   1        0        5906        5906.00     0.00        5906.00    
  75       2020623      1        3        5896         0.11   1        0        5896        5896.00     0.00        5896.00    
  76       2807202      1        2        5880         0.11   1        0        5880        5880.00     0.00        5880.00    
  77       2814837      1        2        5866         0.11   1        0        5866        5866.00     0.00        5866.00    
  78       2814832      1        2        5862         0.11   1        0        5862        5862.00     0.00        5862.00    
  79       2101888      1        9        16652        0.32   3        0        5852        5550.67     0.00        5550.67    
  80       2816863      1        2        16978        0.32   3        0        5850        5659.33     0.00        5659.33    
  81       2809313      1        2        5848         0.11   1        0        5848        5848.00     0.00        5848.00    
  82       2814446      1        4        5848         0.11   1        0        5848        5848.00     0.00        5848.00    
  83       2021701      1        1        10776        0.21   2        0        5844        5388.00     0.00        5388.00    
  84       2021511      1        2        5824         0.11   1        0        5824        5824.00     0.00        5824.00    
  85       2820932      1        2        5822         0.11   1        0        5822        5822.00     0.00        5822.00    
  86       2008955      1        7        17226        0.33   3        0        5812        5742.00     0.00        5742.00    
  87       2008073      1        15       16612        0.32   3        0        5808        5537.33     0.00        5537.33    
  88       2814845      1        1        5800         0.11   1        0        5800        5800.00     0.00        5800.00    
  89       2823601      1        2        5794         0.11   1        0        5794        5794.00     0.00        5794.00    
  90       2823453      1        2        5786         0.11   1        0        5786        5786.00     0.00        5786.00    
  91       2828968      1        1        5786         0.11   1        0        5786        5786.00     0.00        5786.00    
  92       2012173      1        2        5760         0.11   1        0        5760        5760.00     0.00        5760.00    
  93       2815954      1        3        5740         0.11   1        0        5740        5740.00     0.00        5740.00    
  94       2827748      1        2        5734         0.11   1        0        5734        5734.00     0.00        5734.00    
  95       2022502      1        4        17018        0.32   3        0        5726        5672.67     0.00        5672.67    
  96       2813070      1        4        5688         0.11   1        0        5688        5688.00     0.00        5688.00    
  97       2808004      1        5        5684         0.11   1        0        5684        5684.00     0.00        5684.00    
  98       2805058      1        3        10426        0.20   2        0        5670        5213.00     0.00        5213.00    
  99       2828865      1        2        5650         0.11   1        0        5650        5650.00     0.00        5650.00    
  100      2017499      1        2        5614         0.11   1        0        5614        5614.00     0.00        5614.00    
  101      2815901      1        4        5596         0.11   1        0        5596        5596.00     0.00        5596.00    
  102      2811274      1        7        5592         0.11   1        0        5592        5592.00     0.00        5592.00    
  103      2017731      1        3        5580         0.11   1        0        5580        5580.00     0.00        5580.00    
  104      2808755      1        5        5572         0.11   1        0        5572        5572.00     0.00        5572.00    
  105      2822527      1        2        5556         0.11   1        0        5556        5556.00     0.00        5556.00    
  106      2016567      1        6        5554         0.11   1        0        5554        5554.00     0.00        5554.00    
  107      2017191      1        3        5552         0.11   1        0        5552        5552.00     0.00        5552.00    
  108      2821646      1        2        5534         0.11   1        0        5534        5534.00     0.00        5534.00    
  109      2826092      1        2        5528         0.11   1        0        5528        5528.00     0.00        5528.00    
  110      2809163      1        4        5524         0.11   1        0        5524        5524.00     0.00        5524.00    
  111      2815748      1        2        5520         0.11   1        0        5520        5520.00     0.00        5520.00    
  112      2828863      1        2        5518         0.11   1        0        5518        5518.00     0.00        5518.00    
  113      2101623      1        7        15136        0.29   3        0        5514        5045.33     0.00        5045.33    
  114      2101734      1        36       5512         0.10   1        0        5512        5512.00     0.00        5512.00    
  115      2816840      1        3        5494         0.10   1        0        5494        5494.00     0.00        5494.00    
  116      2014934      1        3        5494         0.10   1        0        5494        5494.00     0.00        5494.00    
  117      2017502      1        2        5494         0.10   1        0        5494        5494.00     0.00        5494.00    
  118      2022552      1        2        5458         0.10   1        0        5458        5458.00     0.00        5458.00    
  119      2822367      1        2        5446         0.10   1        0        5446        5446.00     0.00        5446.00    
  120      2019091      1        3        5348         0.10   1        0        5348        5348.00     0.00        5348.00    
  121      2810792      1        5        5308         0.10   1        0        5308        5308.00     0.00        5308.00    
  122      2017703      1        3        5304         0.10   1        0        5304        5304.00     0.00        5304.00    
  123      2810795      1        5        15678        0.30   3        0        5258        5226.00     0.00        5226.00    
  124      2017501      1        2        5186         0.10   1        0        5186        5186.00     0.00        5186.00    
  125      2820923      1        2        

This file has been truncated.


suricata-report-2019-10-18-T-11-50-51-10182019.1150-hacked_site_setAdsCookie.pcap.txt - (17895 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/b536aaf4319bb6341ffece74f73254ae56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10182019.1150-hacked_site_setAdsCookie.pcap -vvv -k none
elapsedtime:22.808962
stderr:
stdout:
18/10/2019 -- 11:50:28 - <Info> - Configuration node 'rule-files' redefined.
18/10/2019 -- 11:50:28 - <Notice> - This is Suricata version 4.0.0 RELEASE
18/10/2019 -- 11:50:28 - <Info> - CPUs/cores online: 1
18/10/2019 -- 11:50:28 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33149 and 'request-body-inspect-window' set to 17171 after randomization.
18/10/2019 -- 11:50:28 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33503 and 'response-body-inspect-window' set to 16198 after randomization.
18/10/2019 -- 11:50:28 - <Config> - DNS request flood protection level: 500
18/10/2019 -- 11:50:28 - <Config> - DNS per flow memcap (state-memcap): 524288
18/10/2019 -- 11:50:28 - <Config> - DNS global memcap: 16777216
18/10/2019 -- 11:50:28 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
18/10/2019 -- 11:50:28 - <Config> - preallocated 1000 hosts of size 136
18/10/2019 -- 11:50:28 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
18/10/2019 -- 11:50:28 - <Config> - using magic-file /usr/share/file/magic
18/10/2019 -- 11:50:28 - <Config> - Core dump size is unlimited.
18/10/2019 -- 11:50:28 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
18/10/2019 -- 11:50:28 - <Config> - preallocated 1000 defrag trackers of size 168
18/10/2019 -- 11:50:28 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
18/10/2019 -- 11:50:28 - <Config> - stream "prealloc-sessions": 2048 (per thread)
18/10/2019 -- 11:50:28 - <Config> - stream "memcap": 33554432
18/10/2019 -- 11:50:28 - <Config> - stream "midstream" session pickups: disabled
18/10/2019 -- 11:50:28 - <Config> - stream "async-oneside": disabled
18/10/2019 -- 11:50:28 - <Config> - stream "checksum-validation": disabled
18/10/2019 -- 11:50:28 - <Config> - stream."inline": disabled
18/10/2019 -- 11:50:28 - <Config> - stream "bypass": disabled
18/10/2019 -- 11:50:28 - <Config> - stream "max-synack-queued": 5
18/10/2019 -- 11:50:28 - <Config> - stream.reassembly "memcap": 134217728
18/10/2019 -- 11:50:28 - <Config> - stream.reassembly "depth": 0
18/10/2019 -- 11:50:28 - <Config> - stream.reassembly "toserver-chunk-size": 2470
18/10/2019 -- 11:50:28 - <Config> - stream.reassembly "toclient-chunk-size": 2522
18/10/2019 -- 11:50:28 - <Config> - stream.reassembly.raw: enabled
18/10/2019 -- 11:50:28 - <Config> - stream.reassembly "segment-prealloc": 2048
18/10/2019 -- 11:50:28 - <Config> - Delayed detect disabled
18/10/2019 -- 11:50:28 - <Config> - pattern matchers: MPM: ac, SPM: bm
18/10/2019 -- 11:50:28 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
18/10/2019 -- 11:50:28 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
18/10/2019 -- 11:50:28 - <Config> - prefilter engines: MPM
18/10/2019 -- 11:50:28 - <Config> - IP reputation disabled
18/10/2019 -- 11:50:28 - <Perf> - Registered 148 keyword profiling counters.
18/10/2019 -- 11:50:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
18/10/2019 -- 11:50:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
18/10/2019 -- 11:50:28 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
18/10/2019 -- 11:50:33 - <Config> - No rules loaded from ET-icmp.rules.
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
18/10/2019 -- 11:50:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
18/10/2019 -- 11:50:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
18/10/2019 -- 11:50:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
18/10/2019 -- 11:50:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
18/10/2019 -- 11:50:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
18/10/2019 -- 11:50:34 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
18/10/2019 -- 11:50:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
18/10/2019 -- 11:50:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
18/10/2019 -- 11:50:37 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
18/10/2019 -- 11:50:39 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
18/10/2019 -- 11:50:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
18/10/2019 -- 11:50:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
18/10/2019 -- 11:50:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
18/10/2019 -- 11:50:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
18/10/2019 -- 11:50:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
18/10/2019 -- 11:50:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
18/10/2019 -- 11:50:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
18/10/2019 -- 11:50:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
18/10/2019 -- 11:50:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
18/10/2019 -- 11:50:41 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
18/10/2019 -- 11:50:41 - <Config> - No rules loaded from local.rules.
18/10/2019 -- 11:50:41 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
18/10/2019 -- 11:50:41 - <Info> - Threshold config parsed: 0 rule(s) found
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for tcp-packet
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for tcp-stream
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for udp-packet
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for other-ip
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_uri
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_request_line
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_client_body
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_response_line
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_header
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_header
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_header_names
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_header_names
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_accept
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_accept_enc
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_accept_lang
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_referer
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_connection
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_content_len
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_content_len
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_content_type
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_content_type
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_protocol
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_protocol
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_start
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_start
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_raw_header
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_raw_header
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_method
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_cookie
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_cookie
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_raw_uri
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_user_agent
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_host
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_raw_host
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_stat_msg
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_stat_code
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for dns_query
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for tls_sni
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for tls_cert_issuer
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for tls_cert_subject
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for tls_cert_serial
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for dce_stub_data
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for dce_stub_data
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for ssh_protocol
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for ssh_protocol
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for ssh_software
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for ssh_software
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for file_data
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for file_data
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_request_line
18/10/2019 -- 11:50:42 - <Perf> - using shared mpm ctx' for http_response_line
18/10/2019 -- 11:50:42 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
18/10/2019 -- 11:50:42 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
18/10/2019 -- 11:50:42 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
18/10/2019 -- 11:50:42 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
18/10/2019 -- 11:50:42 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
18/10/2019 -- 11:50:42 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
18/10/2019 -- 11:50:42 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
18/10/2019 -- 11:50:42 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
18/10/2019 -- 11:50:47 - <Perf> - Unique rule groups: 104
18/10/2019 -- 11:50:47 - <Perf> - Builtin MPM "toserver TCP packet": 35
18/10/2019 -- 11:50:47 - <Perf> - Builtin MPM "toclient TCP packet": 17
18/10/2019 -- 11:50:47 - <Perf> - Builtin MPM "toserver TCP stream": 33
18/10/2019 -- 11:50:47 - <Perf> - Builtin MPM "toclient TCP stream": 19
18/10/2019 -- 11:50:47 - <Perf> - Builtin MPM "toserver UDP packet": 27
18/10/2019 -- 11:50:47 - <Perf> - Builtin MPM "toclient UDP packet": 17
18/10/2019 -- 11:50:47 - <Perf> - Builtin MPM "other IP packet": 3
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_uri": 14
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_request_line": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_client_body": 6
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient http_response_line": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_header": 10
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient http_header": 6
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_header_names": 2
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_accept": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_referer": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_content_len": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_content_type": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient http_content_type": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_protocol": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_start": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_method": 5
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_cookie": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient http_cookie": 2
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver http_host": 2
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver dns_query": 4
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver tls_sni": 2
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toserver file_data": 1
18/10/2019 -- 11:50:47 - <Perf> - AppLayer MPM "toclient file_data": 7
18/10/2019 -- 11:50:50 - <Perf> - Registered 39590 rule profiling counters.
18/10/2019 -- 11:50:50 - <Info> - fast output device (regular) initialized: alert
18/10/2019 -- 11:50:50 - <Info> - eve-log output device (regular) initialized: eve.json
18/10/2019 -- 11:50:50 - <Config> - enabling 'eve-log' module 'alert'
18/10/2019 -- 11:50:50 - <Config> - enabling 'eve-log' module 'http'
18/10/2019 -- 11:50:50 - <Config> - enabling 'eve-log' module 'dns'
18/10/2019 -- 11:50:50 - <Config> - enabling 'eve-log' module 'tls'
18/10/2019 -- 11:50:50 - <Config> - enabling 'eve-log' module 'files'
18/10/2019 -- 11:50:50 - <Config> - enabling 'eve-log' module 'ssh'
18/10/2019 -- 11:50:50 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
18/10/2019 -- 11:50:50 - <Info> - stats output device (regular) initialized: stats.log
18/10/2019 -- 11:50:50 - <Config> - AutoFP mode usi

This file has been truncated.


stats.log - (2304 bytes)
------------------------------------------------------------------------------------
Date: 10/18/2019 -- 11:50:51 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 86
decoder.bytes                              | Total                     | 92430
decoder.ipv4                               | Total                     | 80
decoder.null                               | Total                     | 86
decoder.tcp                                | Total                     | 80
decoder.avg_pkt_size                       | Total                     | 1074
decoder.max_pkt_size                       | Total                     | 8248
flow.tcp                                   | Total                     | 3
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
detect.mpm_list                            | Total                     | 3
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 4
app_layer.flow.http                        | Total                     | 3
app_layer.tx.http                          | Total                     | 3
flow.spare                                 | Total                     | 9998
flow_mgr.flows_checked                     | Total                     | 1
flow_mgr.flows_notimeout                   | Total                     | 1
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65535
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074592


eve.json - (3320 bytes)
{"timestamp":"2019-10-18T11:49:28.297815+0000","flow_id":1731158086288750,"pcap_cnt":22,"event_type":"http","src_ip":"127.0.0.1","src_port":54859,"dest_ip":"127.0.0.1","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"localhost","url":"\/","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-10-18T11:49:28.297866+0000","flow_id":1731158086288750,"pcap_cnt":23,"event_type":"fileinfo","src_ip":"127.0.0.1","src_port":80,"dest_ip":"127.0.0.1","dest_port":54859,"proto":"TCP","http":{"hostname":"localhost","url":"\/","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":622},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":622,"tx_id":0}}
{"timestamp":"2019-10-18T11:49:39.512004+0000","flow_id":607749261216867,"pcap_cnt":44,"event_type":"http","src_ip":"127.0.0.1","src_port":54862,"dest_ip":"127.0.0.1","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"localhost","url":"\/","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-10-18T11:49:39.512041+0000","flow_id":607749261216867,"pcap_cnt":45,"event_type":"fileinfo","src_ip":"127.0.0.1","src_port":80,"dest_ip":"127.0.0.1","dest_port":54862,"proto":"TCP","http":{"hostname":"localhost","url":"\/","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":622},"app_proto":"http","fileinfo":{"filename":"\/","gaps":false,"state":"CLOSED","stored":false,"size":622,"tx_id":0}}
{"timestamp":"2019-10-18T11:49:43.225122+0000","flow_id":2068360264641413,"pcap_cnt":82,"event_type":"http","src_ip":"127.0.0.1","src_port":54864,"dest_ip":"127.0.0.1","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"localhost","url":"\/197f497f158f322d858407804a399aea11fe06a92f4c0b47c597c0233bf4d553.html","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html"}}
{"timestamp":"2019-10-18T11:49:43.225164+0000","flow_id":2068360264641413,"pcap_cnt":83,"event_type":"fileinfo","src_ip":"127.0.0.1","src_port":80,"dest_ip":"127.0.0.1","dest_port":54864,"proto":"TCP","http":{"hostname":"localhost","url":"\/197f497f158f322d858407804a399aea11fe06a92f4c0b47c597c0233bf4d553.html","http_user_agent":"Mozilla\/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/77.0.3865.120 Safari\/537.36","http_content_type":"text\/html","http_method":"GET","protocol":"HTTP\/1.1","status":200,"length":84051},"app_proto":"http","fileinfo":{"filename":"\/197f497f158f322d858407804a399aea11fe06a92f4c0b47c597c0233bf4d553.html","gaps":false,"state":"CLOSED","stored":false,"size":84051,"tx_id":0}}


keyword_perf.log - (707 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 10/18/2019 -- 11:50:51
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 


IDSDeathBlossom.py.log - (1164 bytes)
2019-10-18 11:50:27,888 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-10-18 11:50:28,674 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-10-18 11:50:28,674 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-10-18 11:50:28,674 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-10-18 11:50:28,674 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-10-18 11:50:28,675 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/b536aaf4319bb6341ffece74f73254ae56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/10182019.1150-hacked_site_setAdsCookie.pcap -vvv -k none
2019-10-18 11:50:51,487 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-10-18 11:50:51,488 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 23.6082949638