Filename: 750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 22.4973518848 seconds
Hash: bf1750cdcde481eb1d62a29e61b31554
Uploaded: 1564359026

Logfiles


suricata-4.0.0-etpro-all-alert-2019-07-29-T-00-10-49-07292019.0010-750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b.pcap.txt - (513 bytes)
14.077175  [**] [1:2829965:2] ETPRO TROJAN APT15 BS2005 DNS Lookup 1 [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 10.0.2.15:1048 -> 8.8.8.8:53
19.644700  [**] [1:2829966:2] ETPRO TROJAN APT15 BS2005 DNS Lookup 2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 10.0.2.15:1048 -> 8.8.8.8:53
22.845642  [**] [1:2829966:2] ETPRO TROJAN APT15 BS2005 DNS Lookup 2 [**] [Classification: A Network Trojan was detected] [Priority: 1] {UDP} 10.0.2.15:1048 -> 8.8.8.8:53


packet_stats.log - (9547 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1            41          6143314       59905838      40503204          1.7b   46.51
 IPv4       2             2          6272134        8191158       7231646         14.5m    0.41
 IPv4      17            51          3653564       59781228      37168913          1.9b   53.09
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1            41           124066        2623720        305985         12.5m   21.58
TMM_FLOWWORKER              IPv4       2             2           137872         171798        154835        309.7k    0.53
TMM_FLOWWORKER              IPv4      17            51           279370        9465558        868626         44.3m   76.22
TMM_RECEIVEPCAPFILE         IPv4       1            41             4466           6036          4954        203.1k    0.35
TMM_RECEIVEPCAPFILE         IPv4       2             2             4472           4554          4513          9.0k    0.02
TMM_RECEIVEPCAPFILE         IPv4      17            51             4454           6520          4900        249.9k    0.43
TMM_DECODEPCAPFILE          IPv4       1            41             4594          17492          5299        217.3k    0.37
TMM_DECODEPCAPFILE          IPv4       2             2             4846           5374          5110         10.2k    0.02
TMM_DECODEPCAPFILE          IPv4      17            51             4596          29492          5430        276.9k    0.48

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       1            37             4840          28890          6103        225.8k  0.45  
flow                    IPv4      17            51             4742          29320          6232        317.9k  0.63  
app-layer               IPv4      17            51             4438          58132          9118        465.0k  0.92  
detect                  IPv4       1            41           105016        2610556        285733         11.7m  23.10 
detect                  IPv4       2             2           128486         162140        145313        290.6k  0.57  
detect                  IPv4      17            51           251734        9430102        739070         37.7m  74.33 
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
dns                     IPv4      17             7             8812          22894         12082         84.6k  100.00
Proto detect            IPv4      17            12             4912          36170         13931        167.2k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4      17             3            34818         583948        225210        675.6k  21.34 
LOGGER_UNIFIED2             IPv4      17             3            48724         124248         75179        225.5k  7.12  
LOGGER_JSON_ALERT           IPv4      17             3            57338         586914        387706          1.2m  36.73 
LOGGER_JSON_DNS             IPv4      17             6            34874         492562        183694          1.1m  34.81 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1            41             5440          30120         10661       437.1k  20.52 
payload                           IPv4      17            51             6224         544772         32270         1.6m  77.27 
dns_query                         IPv4      17             3            14868          16528         15648        46.9k  2.20  
Total                             IPv4                    95                                         22419         2.1m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       1             6            41922          64930         48862        293.2k  0.60  
PROF_DETECT_IPONLY          IPv4       2             2            46196          62162         54179        108.4k  0.22  
PROF_DETECT_IPONLY          IPv4      17             8            14696         116466         59019        472.2k  0.97  
PROF_DETECT_RULES           IPv4       1            41            13382        2424212        120661          4.9m  10.18 
PROF_DETECT_RULES           IPv4       2             2             4458           6532          5495         11.0k  0.02  
PROF_DETECT_RULES           IPv4      17            51           131952        9290498        500556         25.5m  52.53 
PROF_DETECT_STATEFUL_START    IPv4      17             3            16630          20304         19040         57.1k  0.12  
PROF_DETECT_STATEFUL_CONT    IPv4       1            41             4400         424116         15001        615.0k  1.27  
PROF_DETECT_STATEFUL_CONT    IPv4       2             2             4428           5506          4967          9.9k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4      17            51             4470          54284          6790        346.3k  0.71  
PROF_DETECT_STATEFUL_UPDATE    IPv4      17             6             4576           6314          5380         32.3k  0.07  
PROF_DETECT_PREFILTER       IPv4       1            41            32526         866664         61986          2.5m  5.23  
PROF_DETECT_PREFILTER       IPv4       2             2            13746          18334         16040         32.1k  0.07  
PROF_DETECT_PREFILTER       IPv4      17            51            42816         878972        110110          5.6m  11.56 
PROF_DETECT_PF_PAYLOAD      IPv4       1            41            14642         845846         40831          1.7m  3.44  
PROF_DETECT_PF_PAYLOAD      IPv4      17            51            15344         553976         42056          2.1m  4.41  
PROF_DETECT_PF_TX           IPv4      17             3            24162          29814         26376         79.1k  0.16  
PROF_DETECT_PF_SORT1        IPv4       1             5             4620          18388          8153         40.8k  0.08  
PROF_DETECT_PF_SORT1        IPv4      17            51             4752          27200          7181        366.3k  0.75  
PROF_DETECT_PF_SORT2        IPv4       1            41             4438           5932          4742        194.4k  0.40  
PROF_DETECT_PF_SORT2        IPv4       2             2             4522           5856          5189         10.4k  0.02  
PROF_DETECT_PF_SORT2        IPv4      17            51             4520          19724          5305        270.6k  0.56  
PROF_DETECT_NONMPMLIST      IPv4       1            41             4408           6110          4716        193.4k  0.40  
PROF_DETECT_NONMPMLIST      IPv4       2             2             4504           6084          5294         10.6k  0.02  
PROF_DETECT_NONMPMLIST      IPv4      17            51             4454         422854         13448        685.9k  1.41  
PROF_DETECT_ALERT           IPv4       1            41             4408         424220         14957        613.2k  1.26  
PROF_DETECT_ALERT           IPv4       2             2             4534           4710          4622          9.2k  0.02  
PROF_DETECT_ALERT           IPv4      17            51             4430          12646          5133        261.8k  0.54  
PROF_DETECT_CLEANUP         IPv4       1            41             4438           6862          4760        195.2k  0.40  
PROF_DETECT_CLEANUP         IPv4       2             2             4438           4492          4465          8.9k  0.02  
PROF_DETECT_CLEANUP         IPv4      17            51             4414         424828         13313        679.0k  1.40  
PROF_DETECT_GETSGH          IPv4       1            41             4428           6756          4897        200.8k  0.41  
PROF_DETECT_GETSGH          IPv4       2             2             4694           6354          5524         11.0k  0.02  
PROF_DETECT_GETSGH          IPv4      17            51             4420          37612          6634        338.4k  0.70  


suricata-report-2019-07-29-T-00-10-49-07292019.0010-750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b.pcap.txt - (17762 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bf1750cdcde481eb1d62a29e61b3155456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07292019.0010-750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b.pcap -vvv -k none
elapsedtime:21.534008
stderr:
stdout:
29/7/2019 -- 00:10:27 - <Info> - Configuration node 'rule-files' redefined.
29/7/2019 -- 00:10:27 - <Notice> - This is Suricata version 4.0.0 RELEASE
29/7/2019 -- 00:10:27 - <Info> - CPUs/cores online: 1
29/7/2019 -- 00:10:27 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33026 and 'request-body-inspect-window' set to 17001 after randomization.
29/7/2019 -- 00:10:27 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 33025 and 'response-body-inspect-window' set to 15688 after randomization.
29/7/2019 -- 00:10:27 - <Config> - DNS request flood protection level: 500
29/7/2019 -- 00:10:27 - <Config> - DNS per flow memcap (state-memcap): 524288
29/7/2019 -- 00:10:27 - <Config> - DNS global memcap: 16777216
29/7/2019 -- 00:10:27 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
29/7/2019 -- 00:10:27 - <Config> - preallocated 1000 hosts of size 136
29/7/2019 -- 00:10:27 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
29/7/2019 -- 00:10:27 - <Config> - using magic-file /usr/share/file/magic
29/7/2019 -- 00:10:27 - <Config> - Core dump size is unlimited.
29/7/2019 -- 00:10:27 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
29/7/2019 -- 00:10:27 - <Config> - preallocated 1000 defrag trackers of size 168
29/7/2019 -- 00:10:27 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
29/7/2019 -- 00:10:27 - <Config> - stream "prealloc-sessions": 2048 (per thread)
29/7/2019 -- 00:10:27 - <Config> - stream "memcap": 33554432
29/7/2019 -- 00:10:27 - <Config> - stream "midstream" session pickups: disabled
29/7/2019 -- 00:10:27 - <Config> - stream "async-oneside": disabled
29/7/2019 -- 00:10:27 - <Config> - stream "checksum-validation": disabled
29/7/2019 -- 00:10:27 - <Config> - stream."inline": disabled
29/7/2019 -- 00:10:27 - <Config> - stream "bypass": disabled
29/7/2019 -- 00:10:27 - <Config> - stream "max-synack-queued": 5
29/7/2019 -- 00:10:27 - <Config> - stream.reassembly "memcap": 134217728
29/7/2019 -- 00:10:27 - <Config> - stream.reassembly "depth": 0
29/7/2019 -- 00:10:27 - <Config> - stream.reassembly "toserver-chunk-size": 2566
29/7/2019 -- 00:10:27 - <Config> - stream.reassembly "toclient-chunk-size": 2606
29/7/2019 -- 00:10:27 - <Config> - stream.reassembly.raw: enabled
29/7/2019 -- 00:10:27 - <Config> - stream.reassembly "segment-prealloc": 2048
29/7/2019 -- 00:10:27 - <Config> - Delayed detect disabled
29/7/2019 -- 00:10:27 - <Config> - pattern matchers: MPM: ac, SPM: bm
29/7/2019 -- 00:10:27 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
29/7/2019 -- 00:10:27 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
29/7/2019 -- 00:10:27 - <Config> - prefilter engines: MPM
29/7/2019 -- 00:10:27 - <Config> - IP reputation disabled
29/7/2019 -- 00:10:27 - <Perf> - Registered 148 keyword profiling counters.
29/7/2019 -- 00:10:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
29/7/2019 -- 00:10:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
29/7/2019 -- 00:10:27 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
29/7/2019 -- 00:10:32 - <Config> - No rules loaded from ET-icmp.rules.
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
29/7/2019 -- 00:10:32 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
29/7/2019 -- 00:10:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
29/7/2019 -- 00:10:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
29/7/2019 -- 00:10:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
29/7/2019 -- 00:10:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
29/7/2019 -- 00:10:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
29/7/2019 -- 00:10:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
29/7/2019 -- 00:10:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
29/7/2019 -- 00:10:36 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
29/7/2019 -- 00:10:38 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
29/7/2019 -- 00:10:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
29/7/2019 -- 00:10:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
29/7/2019 -- 00:10:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
29/7/2019 -- 00:10:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
29/7/2019 -- 00:10:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
29/7/2019 -- 00:10:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
29/7/2019 -- 00:10:40 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
29/7/2019 -- 00:10:40 - <Config> - No rules loaded from local.rules.
29/7/2019 -- 00:10:40 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
29/7/2019 -- 00:10:40 - <Info> - Threshold config parsed: 0 rule(s) found
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for tcp-packet
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for tcp-stream
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for udp-packet
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for other-ip
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_uri
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_request_line
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_client_body
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_response_line
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_header
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_header
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_header_names
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_header_names
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_accept
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_accept_enc
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_accept_lang
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_referer
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_connection
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_content_len
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_content_len
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_content_type
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_content_type
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_protocol
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_protocol
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_start
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_start
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_raw_header
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_raw_header
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_method
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_cookie
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_cookie
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_raw_uri
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_user_agent
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_host
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_raw_host
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_stat_msg
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_stat_code
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for dns_query
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for tls_sni
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for tls_cert_issuer
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for tls_cert_subject
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for tls_cert_serial
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for dce_stub_data
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for dce_stub_data
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for ssh_protocol
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for ssh_protocol
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for ssh_software
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for ssh_software
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for file_data
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for file_data
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_request_line
29/7/2019 -- 00:10:40 - <Perf> - using shared mpm ctx' for http_response_line
29/7/2019 -- 00:10:40 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
29/7/2019 -- 00:10:40 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
29/7/2019 -- 00:10:41 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
29/7/2019 -- 00:10:41 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
29/7/2019 -- 00:10:41 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
29/7/2019 -- 00:10:41 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
29/7/2019 -- 00:10:41 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
29/7/2019 -- 00:10:41 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
29/7/2019 -- 00:10:45 - <Perf> - Unique rule groups: 104
29/7/2019 -- 00:10:45 - <Perf> - Builtin MPM "toserver TCP packet": 35
29/7/2019 -- 00:10:45 - <Perf> - Builtin MPM "toclient TCP packet": 17
29/7/2019 -- 00:10:45 - <Perf> - Builtin MPM "toserver TCP stream": 33
29/7/2019 -- 00:10:45 - <Perf> - Builtin MPM "toclient TCP stream": 19
29/7/2019 -- 00:10:45 - <Perf> - Builtin MPM "toserver UDP packet": 27
29/7/2019 -- 00:10:45 - <Perf> - Builtin MPM "toclient UDP packet": 17
29/7/2019 -- 00:10:45 - <Perf> - Builtin MPM "other IP packet": 3
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_uri": 14
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_request_line": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_client_body": 6
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient http_response_line": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_header": 10
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient http_header": 6
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_header_names": 2
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_accept": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_referer": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_content_len": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_content_type": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient http_content_type": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_protocol": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_start": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_method": 5
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_cookie": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient http_cookie": 2
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver http_host": 2
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver dns_query": 4
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver tls_sni": 2
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toserver file_data": 1
29/7/2019 -- 00:10:45 - <Perf> - AppLayer MPM "toclient file_data": 7
29/7/2019 -- 00:10:48 - <Perf> - Registered 39590 rule profiling counters.
29/7/2019 -- 00:10:48 - <Info> - fast output device (regular) initialized: alert
29/7/2019 -- 00:10:48 - <Info> - eve-log output device (regular) initialized: eve.json
29/7/2019 -- 00:10:48 - <Config> - enabling 'eve-log' module 'alert'
29/7/2019 -- 00:10:48 - <Config> - enabling 'eve-log' module 'http'
29/7/2019 -- 00:10:48 - <Config> - enabling 'eve-log' module 'dns'
29/7/2019 -- 00:10:48 - <Config> - enabling 'eve-log' module 'tls'
29/7/2019 -- 00:10:48 - <Config> - enabling 'eve-log' module 'files'
29/7/2019 -- 00:10:48 - <Config> - enabling 'eve-log' module 'ssh'
29/7/2019 -- 00:10:48 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
29/7/2019 -- 00:10:48 - <Info> - stats output device (regular) initialized: stats.log
29/7/2019 -- 00:10:48 - <Config> - AutoFP mode using "Hash" flow load balancer
29/7/2019 -- 00:10:48 - <Info> - reading pcap file /var/pcap/07292019.0010-750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60

This file has been truncated.


stats.log - (2456 bytes)
------------------------------------------------------------------------------------
Date: 7/29/2019 -- 00:10:49 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 100
decoder.bytes                              | Total                     | 16980
decoder.invalid                            | Total                     | 1
decoder.ipv4                               | Total                     | 94
decoder.ethernet                           | Total                     | 100
decoder.udp                                | Total                     | 51
decoder.icmpv4                             | Total                     | 41
decoder.avg_pkt_size                       | Total                     | 169
decoder.max_pkt_size                       | Total                     | 590
flow.udp                                   | Total                     | 7
decoder.ethernet.pkt_too_small             | Total                     | 1
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 10
detect.nonmpm_list                         | Total                     | 1
detect.match_list                          | Total                     | 11
app_layer.flow.dns_udp                     | Total                     | 1
app_layer.tx.dns_udp                       | Total                     | 3
app_layer.flow.failed_udp                  | Total                     | 6
flow.spare                                 | Total                     | 9994
flow_mgr.flows_checked                     | Total                     | 3
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65533
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7074304


eve.json - (3758 bytes)
{"timestamp":"1900-01-00T00:00:14.077175+0000","flow_id":2135157092789623,"pcap_cnt":29,"event_type":"alert","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829965,"rev":2,"signature":"ETPRO TROJAN APT15 BS2005 DNS Lookup 1","category":"A Network Trojan was detected","severity":1},"app_proto":"dns"}
{"timestamp":"1900-01-00T00:00:14.077175+0000","flow_id":2135157092789623,"pcap_cnt":29,"event_type":"dns","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56234,"rrname":"run.linodepower.com","rrtype":"A","tx_id":0}}
{"timestamp":"1900-01-00T00:00:14.095844+0000","flow_id":2135157092789623,"pcap_cnt":30,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":56234,"rcode":"NXDOMAIN","rrname":"run.linodepower.com"}}
{"timestamp":"1900-01-00T00:00:14.095844+0000","flow_id":2135157092789623,"pcap_cnt":30,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":56234,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"1900-01-00T00:00:19.644700+0000","flow_id":2135157092789623,"pcap_cnt":55,"event_type":"alert","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2829966,"rev":2,"signature":"ETPRO TROJAN APT15 BS2005 DNS Lookup 2","category":"A Network Trojan was detected","severity":1},"app_proto":"dns"}
{"timestamp":"1900-01-00T00:00:19.644700+0000","flow_id":2135157092789623,"pcap_cnt":55,"event_type":"dns","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22145,"rrname":"singa.linodepower.com","rrtype":"A","tx_id":1}}
{"timestamp":"1900-01-00T00:00:19.670600+0000","flow_id":2135157092789623,"pcap_cnt":56,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":22145,"rcode":"NXDOMAIN","rrname":"singa.linodepower.com"}}
{"timestamp":"1900-01-00T00:00:19.670600+0000","flow_id":2135157092789623,"pcap_cnt":56,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":22145,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"1900-01-00T00:00:22.845642+0000","flow_id":2135157092789623,"pcap_cnt":65,"event_type":"alert","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2829966,"rev":2,"signature":"ETPRO TROJAN APT15 BS2005 DNS Lookup 2","category":"A Network Trojan was detected","severity":1},"app_proto":"dns"}
{"timestamp":"1900-01-00T00:00:22.845642+0000","flow_id":2135157092789623,"pcap_cnt":65,"event_type":"dns","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39648,"rrname":"singa.linodepower.com","rrtype":"A","tx_id":2}}
{"timestamp":"1900-01-00T00:00:22.851607+0000","flow_id":2135157092789623,"pcap_cnt":66,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":39648,"rcode":"NXDOMAIN","rrname":"singa.linodepower.com"}}
{"timestamp":"1900-01-00T00:00:22.851607+0000","flow_id":2135157092789623,"pcap_cnt":66,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":39648,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":895}}
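The eve.json records above are only useful once the alert records are joined back to the DNS transaction each one fired on. The following is an added example (not part of the IDSDeathBlossom output or of Suricata itself) that does that join on (flow_id, tx_id) and then pulls the resolver's rcode for the same DNS message id. The twelve sample events are copied verbatim from the eve.json listing above; the function names are this example's own.

```python
import json
from collections import defaultdict

# The twelve EVE records listed above, copied verbatim (three alerts plus
# the matching DNS query/answer records). Read the real file line by line instead.
EVE_LINES = r'''
{"timestamp":"1900-01-00T00:00:14.077175+0000","flow_id":2135157092789623,"pcap_cnt":29,"event_type":"alert","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2829965,"rev":2,"signature":"ETPRO TROJAN APT15 BS2005 DNS Lookup 1","category":"A Network Trojan was detected","severity":1},"app_proto":"dns"}
{"timestamp":"1900-01-00T00:00:14.077175+0000","flow_id":2135157092789623,"pcap_cnt":29,"event_type":"dns","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":56234,"rrname":"run.linodepower.com","rrtype":"A","tx_id":0}}
{"timestamp":"1900-01-00T00:00:14.095844+0000","flow_id":2135157092789623,"pcap_cnt":30,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":56234,"rcode":"NXDOMAIN","rrname":"run.linodepower.com"}}
{"timestamp":"1900-01-00T00:00:14.095844+0000","flow_id":2135157092789623,"pcap_cnt":30,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":56234,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"1900-01-00T00:00:19.644700+0000","flow_id":2135157092789623,"pcap_cnt":55,"event_type":"alert","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","tx_id":1,"alert":{"action":"allowed","gid":1,"signature_id":2829966,"rev":2,"signature":"ETPRO TROJAN APT15 BS2005 DNS Lookup 2","category":"A Network Trojan was detected","severity":1},"app_proto":"dns"}
{"timestamp":"1900-01-00T00:00:19.644700+0000","flow_id":2135157092789623,"pcap_cnt":55,"event_type":"dns","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":22145,"rrname":"singa.linodepower.com","rrtype":"A","tx_id":1}}
{"timestamp":"1900-01-00T00:00:19.670600+0000","flow_id":2135157092789623,"pcap_cnt":56,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":22145,"rcode":"NXDOMAIN","rrname":"singa.linodepower.com"}}
{"timestamp":"1900-01-00T00:00:19.670600+0000","flow_id":2135157092789623,"pcap_cnt":56,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":22145,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":899}}
{"timestamp":"1900-01-00T00:00:22.845642+0000","flow_id":2135157092789623,"pcap_cnt":65,"event_type":"alert","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","tx_id":2,"alert":{"action":"allowed","gid":1,"signature_id":2829966,"rev":2,"signature":"ETPRO TROJAN APT15 BS2005 DNS Lookup 2","category":"A Network Trojan was detected","severity":1},"app_proto":"dns"}
{"timestamp":"1900-01-00T00:00:22.845642+0000","flow_id":2135157092789623,"pcap_cnt":65,"event_type":"dns","src_ip":"10.0.2.15","src_port":1048,"dest_ip":"8.8.8.8","dest_port":53,"proto":"UDP","dns":{"type":"query","id":39648,"rrname":"singa.linodepower.com","rrtype":"A","tx_id":2}}
{"timestamp":"1900-01-00T00:00:22.851607+0000","flow_id":2135157092789623,"pcap_cnt":66,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":39648,"rcode":"NXDOMAIN","rrname":"singa.linodepower.com"}}
{"timestamp":"1900-01-00T00:00:22.851607+0000","flow_id":2135157092789623,"pcap_cnt":66,"event_type":"dns","src_ip":"8.8.8.8","src_port":53,"dest_ip":"10.0.2.15","dest_port":1048,"proto":"UDP","dns":{"type":"answer","id":39648,"rcode":"NXDOMAIN","rrname":"com","rrtype":"SOA","ttl":895}}
'''.strip().splitlines()


def load_events(lines):
    """Parse one JSON object per line, skipping blank lines."""
    return [json.loads(line) for line in lines if line.strip()]


def correlate_dns_alerts(events):
    """Join each DNS alert to the query it matched and to that query's answer.

    Suricata numbers DNS transactions per flow (tx_id) and stamps the alert
    with the tx_id it fired on, so (flow_id, tx_id) identifies the query.
    The answer is then found by DNS message id within the same flow.
    """
    queries = {}                 # (flow_id, tx_id) -> query record
    answers = defaultdict(list)  # (flow_id, dns id) -> answer records
    alerts = []
    for ev in events:
        if ev["event_type"] == "alert":
            alerts.append(ev)
        elif ev["event_type"] == "dns":
            d = ev["dns"]
            if d["type"] == "query":
                queries[(ev["flow_id"], d["tx_id"])] = ev
            elif d["type"] == "answer":
                answers[(ev["flow_id"], d["id"])].append(ev)

    rows = []
    for a in alerts:
        row = {
            "pcap_cnt": a["pcap_cnt"],
            "sid": a["alert"]["signature_id"],
            "signature": a["alert"]["signature"],
            "client": f'{a["src_ip"]}:{a["src_port"]}',
            "rrname": None,
            "rcode": None,
        }
        q = queries.get((a["flow_id"], a.get("tx_id")))
        if q is not None:
            row["rrname"] = q["dns"]["rrname"]
            ans = answers.get((a["flow_id"], q["dns"]["id"]), [])
            if ans:
                # Every answer record of one response carries the same rcode.
                row["rcode"] = ans[0]["dns"].get("rcode")
        rows.append(row)
    return rows


def unresolved_domains(rows):
    """Domains the signatures flagged that the resolver answered NXDOMAIN for."""
    return sorted({r["rrname"] for r in rows if r["rcode"] == "NXDOMAIN" and r["rrname"]})


if __name__ == "__main__":
    for r in correlate_dns_alerts(load_events(EVE_LINES)):
        print(f'pkt {r["pcap_cnt"]:>3}  sid {r["sid"]}  {r["client"]}  '
              f'{r["rrname"]}  -> {r["rcode"]}  [{r["signature"]}]')
    print("unresolved:", unresolved_domains(load_events(EVE_LINES) and
                                            correlate_dns_alerts(load_events(EVE_LINES))))
```

Reading the joined rows: all three lookups came back NXDOMAIN, so the host never reached the flagged infrastructure, but the lookups themselves are still the indicator worth acting on, because the signatures fire on the query, not on a successful resolution. The SOA TTL dropping from 899 to 895 on the repeated singa.linodepower.com lookup is consistent with the recursive resolver serving the second NXDOMAIN from its negative cache.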


unified2.alert.1564359048 - (529 bytes) - download
[binary unified2 alert and packet records for the three alerts above, not renderable as text; the query names run.linodepower.com and singa.linodepower.com are the only legible fragments. Use the download link and a unified2 reader to decode.]


suricata-4.0.0-etpro-all-perf.txt-2019-07-29-T-00-10-49-07292019.0010-750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b.pcap.txt - (10710 bytes) - download
  --------------------------------------------------------------------------
  Date: 7/29/2019 -- 00:10:49. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2809850      1        2        471238       4.41   1        0        471238      471238.00   0.00        471238.00  
  2        2022543      1        1        509592       4.77   3        0        460860      169864.00   0.00        169864.00  
  3        2008120      1        4        673292       6.30   45       0        422404      14962.04    0.00        14962.04   
  4        2009243      1        2        459750       4.30   24       0        345260      19156.25    0.00        19156.25   
  5        2805348      1        4        1105222      10.34  13       0        126470      85017.08    0.00        85017.08   
  6        2811542      1        1        184570       1.73   3        0        78276       61523.33    0.00        61523.33   
  7        2018316      1        4        192480       1.80   3        0        75816       64160.00    0.00        64160.00   
  8        2018666      1        4        179632       1.68   3        0        71246       59877.33    0.00        59877.33   
  9        2019230      1        2        185982       1.74   6        0        62584       30997.00    0.00        30997.00   
  10       2811544      1        1        189310       1.77   6        0        59934       31551.67    0.00        31551.67   
  11       2020742      1        1        166446       1.56   3        0        59674       55482.00    0.00        55482.00   
  12       2014703      1        9        125674       1.18   6        0        59198       20945.67    0.00        20945.67   
  13       2811577      1        2        176264       1.65   6        0        56058       29377.33    0.00        29377.33   
  14       2014701      1        12       138154       1.29   6        0        52328       23025.67    0.00        23025.67   
  15       2020741      1        1        155772       1.46   3        0        52208       51924.00    0.00        51924.00   
  16       2022973      1        1        50410        0.47   1        0        50410       50410.00    0.00        50410.00   
  17       2806984      1        1        151644       1.42   4        0        48006       37911.00    0.00        37911.00   
  18       2806988      1        1        107296       1.00   4        0        31420       26824.00    0.00        26824.00   
  19       2806993      1        1        103278       0.97   4        0        30864       25819.50    0.00        25819.50   
  20       2829965      1        2        30134        0.28   1        1        30134       30134.00    30134.00    0.00       
  21       2829966      1        2        56270        0.53   2        2        29966       28135.00    28135.00    0.00       
  22       2806990      1        1        102506       0.96   4        0        29782       25626.50    0.00        25626.50   
  23       2014702      1        9        91138        0.85   6        0        29232       15189.67    0.00        15189.67   
  24       2806989      1        1        100118       0.94   4        0        29082       25029.50    0.00        25029.50   
  25       2019010      1        3        83896        0.78   13       0        28500       6453.54     0.00        6453.54    
  26       2806992      1        1        100780       0.94   4        0        28006       25195.00    0.00        25195.00   
  27       2826281      1        2        78624        0.74   3        0        26894       26208.00    0.00        26208.00   
  28       2806994      1        1        98606        0.92   4        0        26376       24651.50    0.00        24651.50   
  29       2806986      1        1        95854        0.90   4        0        26058       23963.50    0.00        23963.50   
  30       2806991      1        1        98354        0.92   4        0        26054       24588.50    0.00        24588.50   
  31       2803760      1        3        75308        0.70   3        0        25610       25102.67    0.00        25102.67   
  32       2809037      1        1        133142       1.25   24       0        25486       5547.58     0.00        5547.58    
  33       2806987      1        1        96074        0.90   4        0        25262       24018.50    0.00        24018.50   
  34       2806985      1        1        97120        0.91   4        0        25242       24280.00    0.00        24280.00   
  35       2023626      1        3        269202       2.52   51       0        21522       5278.47     0.00        5278.47    
  36       2802205      1        3        212514       1.99   41       0        19894       5183.27     0.00        5183.27    
  37       2023627      1        3        198610       1.86   39       0        19402       5092.56     0.00        5092.56    
  38       2801347      1        5        233066       2.18   45       0        19330       5179.24     0.00        5179.24    
  39       2022331      1        3        38666        0.36   5        0        19118       7733.20     0.00        7733.20    
  40       2023623      1        3        188990       1.77   37       0        18704       5107.84     0.00        5107.84    
  41       2010140      1        7        222588       2.08   44       0        16276       5058.82     0.00        5058.82    
  42       2008116      1        4        211054       1.97   41       0        11714       5147.66     0.00        5147.66    
  43       2008118      1        3        122132       1.14   24       0        9232        5088.83     0.00        5088.83    
  44       2023624      1        3        244504       2.29   51       0        7752        4794.20     0.00        4794.20    
  45       2016178      1        2        12648        0.12   2        0        7722        6324.00     0.00        6324.00    
  46       2823788      1        4        19554        0.18   3        0        7704        6518.00     0.00        6518.00    
  47       2023625      1        3        74626        0.70   16       0        7434        4664.12     0.00        4664.12    
  48       2013739      1        15       198730       1.86   41       0        7194        4847.07     0.00        4847.07    
  49       2016323      1        1        25578        0.24   4        0        7186        6394.50     0.00        6394.50    
  50       2025200      1        1        31970        0.30   6        0        6998        5328.33     0.00        5328.33    
  51       2016363      1        2        22014        0.21   4        0        6898        5503.50     0.00        5503.50    
  52       2009702      1        5        31718        0.30   6        0        6766        5286.33     0.00        5286.33    
  53       2022330      1        2        20994        0.20   4        0        6692        5248.50     0.00        5248.50    
  54       2008117      1        3        93804        0.88   19       0        6572        4937.05     0.00        4937.05    
  55       2100518      1        8        195012       1.82   41       0        6486        4756.39     0.00        4756.39    
  56       2010143      1        3        214302       2.00   44       0        6430        4870.50     0.00        4870.50    
  57       2023622      1        3        230252       2.15   48       0        6360        4796.92     0.00        4796.92    
  58       2802822      1        1        93308        0.87   19       0        6148        4910.95     0.00        4910.95    
  59       2802823      1        1        35516        0.33   7        0        6108        5073.71     0.00        5073.71    
  60       2008119      1        3        34810        0.33   7        0        5958        4972.86     0.00        4972.86    
  61       2010142      1        4        207626       1.94   44       0        5902        4718.77     0.00        4718.77    
  62       2100566      1        5        20750        0.19   4        0        5814        5187.50     0.00        5187.50    
  63       2100474      1        5        62240        0.58   13       0        5648        4787.69     0.00        4787.69    
  64       2023614      1        3        37618        0.35   8        0        5546        4702.25     0.00        4702.25    
  65       2019011      1        3        59806        0.56   13       0        5200        4600.46     0.00        4600.46    
  66       2102257      1        10       9478         0.09   2        0        4998        4739.00     0.00        4739.00    
  67       2019016      1        3        58722        0.55   13       0        4998        4517.08     0.00        4517.08    
  68       2805442      1        2        9408         0.09   2        0        4982        4704.00     0.00        4704.00    
  69       2016181      1        2        9552         0.09   2        0        4978        4776.00     0.00        4776.00    
  70       2023617      1        3        37018        0.35   8        0        4956        4627.25     0.00        4627.25    
  71       2023616      1        3        18326        0.17   4        0        4950        4581.50     0.00        4581.50    
  72       2019017      1        3        58748        0.55   13       0        4940        4519.08     0.00        4519.08    
  73       2023613      1        3        27724        0.26   6        0        4904        4620.67     0.00        4620.67    
  74       2016179      1        2        9332         0.09   2        0        4868        4666.00     0.00        4666.00    
  75       2023612      1        4        45684        0.43   10       0        4798        4568.40     0.00        4568.40    
  76       2023619      1        3        9178         0.09   2        0        4752        4589.00     0.00        4589.00    
  77       2023615      1        3        26962        0.25   6        0        4746        4493.67     0.00        4493.67    
  78       2013075      1        8        13548        0.13   3        0        4530        4516.00     0.00        4516.00    
  79       2023621      1        4        17778        0.17   4        0        4498        4444.50     0.00        4444.50    
  80       2023618      1        3        13278        0.12   3        0        4432        4426.00     0.00        4426.00    
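The rule profiling table above is sorted by max ticks, which hides the question a tuner actually asks: which rules burned the most time without ever matching, and what did the rules that did match cost. The following added example (not part of the IDSDeathBlossom output or of Suricata) parses the table and answers both. The embedded rows are a subset copied from the table above; the function names and the 4 % threshold are this example's own choices.

```python
# Subset of the rule_perf table above, copied verbatim (header, separators and
# seven data rows). Feed the whole file to parse_rule_perf() in practice.
RULE_PERF = """\
  --------------------------------------------------------------------------
  Date: 7/29/2019 -- 00:10:49. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2809850      1        2        471238       4.41   1        0        471238      471238.00   0.00        471238.00
  2        2022543      1        1        509592       4.77   3        0        460860      169864.00   0.00        169864.00
  3        2008120      1        4        673292       6.30   45       0        422404      14962.04    0.00        14962.04
  5        2805348      1        4        1105222      10.34  13       0        126470      85017.08    0.00        85017.08
  20       2829965      1        2        30134        0.28   1        1        30134       30134.00    30134.00    0.00
  21       2829966      1        2        56270        0.53   2        2        29966       28135.00    28135.00    0.00
  35       2023626      1        3        269202       2.52   51       0        21522       5278.47     0.00        5278.47
"""

# Column order of a data row, matching the table header.
FIELDS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
          "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_FIELDS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}


def parse_rule_perf(text):
    """Return the data rows of a Suricata rule profiling dump as dicts."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        # Header, separator and date lines never start with a bare row number.
        if len(parts) != len(FIELDS) or not parts[0].isdigit():
            continue
        row = {}
        for name, value in zip(FIELDS, parts):
            row[name] = int(value) if name in INT_FIELDS else float(value)
        rows.append(row)
    return rows


def matched_rules(rows):
    """SIDs that fired at least once, in table order."""
    return [r["sid"] for r in rows if r["matches"] > 0]


def rank_by_ticks(rows, n):
    """The n rules that consumed the most total ticks over the whole run."""
    return sorted(rows, key=lambda r: r["ticks"], reverse=True)[:n]


def hot_nonmatching(rows, min_pct):
    """Rules that took at least min_pct of all rule time and never matched.

    These are the first candidates for tuning: a rule with high cost and no
    matches on representative traffic is pure overhead for this sensor.
    """
    hot = [r for r in rows if r["matches"] == 0 and r["pct"] >= min_pct]
    return sorted(hot, key=lambda r: r["pct"], reverse=True)


if __name__ == "__main__":
    rows = parse_rule_perf(RULE_PERF)
    print("matched:", matched_rules(rows))
    for r in hot_nonmatching(rows, 4.0):
        print(f'sid {r["sid"]}: {r["pct"]:5.2f}% of ticks, {r["checks"]} checks, '
              f'avg {r["avg_ticks"]:.0f} ticks, no matches')
```

On this capture the two APT15 signatures that actually fired (2829965 and 2829966) cost under 1 % of rule time between them, while 2805348, 2008120, 2022543 and 2809850 each took more than 4 % without matching anything. Whether those are worth disabling depends on the traffic the sensor normally sees, not on a 22-second pcap, so treat the list as a starting point for profiling against representative traffic rather than as a verdict.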


keyword_perf.log - (3255 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 7/29/2019 -- 00:10:49
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1958826         205             123             437436          9555.00         12494.00        5146.00        
  pcre             96362           8               1               26316           12045.00        26316.00        10006.00       
  byte_test        682414          123             114             38242           5548.00         5296.00         8739.00        
  byte_jump        86112           13              13              23526           6624.00         6624.00         0.00           
  isdataat         15242           3               0               5784            5080.00         0.00            5080.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          1939976         202             120             437436          9603.00         12649.00        5146.00        
  pcre             96362           8               1               26316           12045.00        26316.00        10006.00       
  byte_test        682414          123             114             38242           5548.00         5296.00         8739.00        
  byte_jump        86112           13              13              23526           6624.00         6624.00         0.00           
  isdataat         15242           3               0               5784            5080.00         0.00            5080.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dns_query
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          18850           3               3               6780            6283.00         6283.00         0.00           


IDSDeathBlossom.py.log - (1204 bytes) - download
2019-07-29 00:10:26,966 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-07-29 00:10:27,728 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-07-29 00:10:27,729 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-07-29 00:10:27,729 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-07-29 00:10:27,729 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-07-29 00:10:27,729 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/bf1750cdcde481eb1d62a29e61b3155456b33745cb75ec8c950e11a498e082d2 -r /var/pcap/07292019.0010-750d9eecd533f89b8aa13aeab173a1cf813b021b6824bc30e60f5db6fa7b950b.pcap -vvv -k none
2019-07-29 00:10:49,266 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-07-29 00:10:49,267 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 22.3089649677