Filename: b5396d19-38fc-49ca-b9e3-d390d120c7df.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 24.2374689579 seconds
Hash: cd0d9ff4f81e5e4d9af3db76ae2db7b8
Uploaded: 1555926139

Logfiles


unified2.alert.1555926162 (981 bytes)
POST /devices/ HTTP/1.1
Referer: http://200.28.131.215/devices/
Content-Type: application/x-www-form-urlencoded
DNT: 1
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)
Host: 200.28.131.215:443
Content-Length: 439
Connection: Keep-Alive
Cache-Control: no-cache

BToQZdVmdS1PtK3t=cWyAhREHYbWiC9QRY9iiTZoK93NDMgRbMGzKHeKOEeUPNpJBF6WlENtcgmcZF4EAFR%2FtE7FSsf1KxSZHOuLKqiPp0OBvUTwbdl%2BvCUW19k1LuqWzBnZXBYxuFyi%2F2kLweqMlJP54qHZIsVHoM%2BOusG7ksqBTMe5ieEs1b4j%2BwXoO%2FpDKsR8quEqIMi%2Bm6sHqhdkMzuGhZLl0T54GX5aOS3y5snrahc62dIQ4qdkgFyePzCfPJmQdU84qHD2i1RIZjnjgk04a6NuhPZMhVyqHHyQUXmdhmYTD44japlvdt9CRUf1yfaen49bXNG2MyqJuM%2BIWq%2F%2BOpVnXgeWjDh7D6I%2BpOorEpbEtPVwyOz1va%2Fn9U%2BephDRYHmFx5AJXx7yueCRnBg%3D%3D


packet_stats.log (13166 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %% 
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       6            30          2191188       63967907      46759297          1.4b   44.75
 IPv4      17            61          5560074       57234868      23582477          1.4b   45.89
 IPv6      17            14          6047760       49579886      20956900        293.4m    9.36
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       6            30            68106        5644378        639440         19.2m   32.92
TMM_FLOWWORKER              IPv4      17            61           118358       10020040        575384         35.1m   60.23
TMM_RECEIVEPCAPFILE         IPv4       6            24             2540           6424          3026         72.6k    0.12
TMM_RECEIVEPCAPFILE         IPv4      17            61             2540          16669          3034        185.1k    0.32
TMM_DECODEPCAPFILE          IPv4       6            24             2672          16299          3350         80.4k    0.14
TMM_DECODEPCAPFILE          IPv4      17            61             2654          32714          3242        197.8k    0.34
TMM_FLOWWORKER              IPv6      17            14           108121         565703        240260          3.4m    5.77
TMM_RECEIVEPCAPFILE         IPv6      17            14             2549           3059          2787         39.0k    0.07
TMM_DECODEPCAPFILE          IPv6      17            14             2684          17395          3821         53.5k    0.09

Flow Worker            IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
flow                    IPv4       6            24             2877          10384          3678         88.3k  0.16  
flow                    IPv4      17            61             2674        8361418        141396          8.6m  15.91 
stream                  IPv4       6            30             2710         492035         31943        958.3k  1.77  
app-layer               IPv4      17            61             2518          42627          4080        248.9k  0.46  
detect                  IPv4       6            30            45049        5002372        544944         16.3m  30.16 
detect                  IPv4      17            61           102105        9996260        403835         24.6m  45.44 
tcp-prune               IPv4       6            30             2561          10180          3233         97.0k  0.18  
flow                    IPv6      17            14             2855          10442          5357         75.0k  0.14  
app-layer               IPv6      17            14             2527          14487          5730         80.2k  0.15  
detect                  IPv6      17            14            91975         548718        218349          3.1m  5.64  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg         
--------------------   ------   -----   ----------     ------------   ------------   ----------- 
http                    IPv4       6             3             3637          28284         12006         36.0k  100.00
Proto detect            IPv4       6             3             3089          10886          6093         18.3k
Proto detect            IPv4      17             8             2756          35136          6933         55.5k
Proto detect            IPv6      17             6             2991           8532          4399         26.4k

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %% 
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
LOGGER_ALERT_FAST           IPv4       6             1            73972          73972         73972         74.0k  6.06  
LOGGER_UNIFIED2             IPv4       6             1           127366         127366        127366        127.4k  10.44 
LOGGER_JSON_ALERT           IPv4       6             1            58610          58610         58610         58.6k  4.80  
LOGGER_JSON_HTTP            IPv4       6             3            36719         100717         58749        176.2k  14.44 
LOGGER_JSON_FILE            IPv4       6             3            49047         603605        261450        784.3k  64.26 

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %% 
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       6             6             2877         700885        151230       907.4k  19.05 
payload                           IPv4      17            61             3136         105833         13378       816.1k  17.13 
stream                            IPv4       6             6             2686         686920        234719         1.4m  29.57 
http_uri                          IPv4       6             3            12991          33261         22896        68.7k  1.44  
http_request_line                 IPv4       6             3             5076          12577          7840        23.5k  0.49  
http_client_body                  IPv4       6             3           121856         197214        152600       457.8k  9.61  
http_header (request)             IPv4       6             3            89228         239650        150544       451.6k  9.48  
http_header (request trailer)     IPv4       6             3             2647           2671          2658         8.0k  0.17  
http_header_names (request)       IPv4       6             3            15256          24114         18899        56.7k  1.19  
http_accept (request)             IPv4       6             3             3906          11319          6416        19.2k  0.40  
http_referer (request)            IPv4       6             3             4234          12241          7260        21.8k  0.46  
http_content_len (request)        IPv4       6             3             4377          10810          6629        19.9k  0.42  
http_content_type (request)       IPv4       6             3             8008          12506          9627        28.9k  0.61  
http_protocol (request)           IPv4       6             3             4034           4934          4334        13.0k  0.27  
http_start (request)              IPv4       6             3            11249          22007         18105        54.3k  1.14  
http_raw_header (request)         IPv4       6             3            13617          27419         18242        54.7k  1.15  
http_method                       IPv4       6             3             5001           6747          5640        16.9k  0.36  
http_cookie (request)             IPv4       6             3             3402           9259          5366        16.1k  0.34  
http_raw_uri                      IPv4       6             3             4443           9233          6488        19.5k  0.41  
http_user_agent                   IPv4       6             3            31435          55491         39594       118.8k  2.49  
http_host                         IPv4       6             3             4262           5551          4863        14.6k  0.31  
Total                             IPv4                   127                                         36187         4.6m
payload                           IPv6      17            14             3236          50232         11953       167.3k  3.51  
Total                             IPv6                    14                                         11953       167.3k

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot         
------------------------   ------   -----   ----------     ------------   ------------   -----------    ----------- 
PROF_DETECT_IPONLY          IPv4       6             6            19040          89035         58022        348.1k  0.66  
PROF_DETECT_IPONLY          IPv4      17             8            37698         253336         80553        644.4k  1.22  
PROF_DETECT_RULES           IPv4       6            30             2546        3372391        316945          9.5m  18.04 
PROF_DETECT_RULES           IPv4      17            61            44279        9920711        290489         17.7m  33.62 
PROF_DETECT_STATEFUL_START    IPv4       6            10             5130        1722603        447703          4.5m  8.50  
PROF_DETECT_STATEFUL_CONT    IPv4       6            30             2521          44875          6304        189.1k  0.36  
PROF_DETECT_STATEFUL_CONT    IPv4      17            61             2505           8729          2879        175.7k  0.33  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6            17             2592           3385          2736         46.5k  0.09  
PROF_DETECT_PREFILTER       IPv4       6            30             7914        1582612        155653          4.7m  8.86  
PROF_DETECT_PREFILTER       IPv4      17            61            23989         419061         56468          3.4m  6.54  
PROF_DETECT_PF_PAYLOAD      IPv4       6             6            96622         712106        393919          2.4m  4.48  
PROF_DETECT_PF_PAYLOAD      IPv4      17            61             8368         401326         31243          1.9m  3.62  
PROF_DETECT_PF_TX           IPv4       6            17             2765         747728         98303          1.7m  3.17  
PROF_DETECT_PF_SORT1        IPv4       6             6             3058          43934         15254         91.5k  0.17  
PROF_DETECT_PF_SORT1        IPv4      17            61             2564         384281          9672        590.0k  1.12  
PROF_DETECT_PF_SORT2        IPv4       6            30             2549         111267          8251        247.6k  0.47  
PROF_DETECT_PF_SORT2        IPv4      17            61             2544          19435          3254        198.6k  0.38  
PROF_DETECT_NONMPMLIST      IPv4       6            30             2593           9705          3223         96.7k  0.18  
PROF_DETECT_NONMPMLIST      IPv4      17            61             2529          25423          3203        195.4k  0.37  
PROF_DETECT_ALERT           IPv4       6            30             2545          12344          3027         90.8k  0.17  
PROF_DETECT_ALERT           IPv4      17            61             2542          38231          3307        201.7k  0.38  
PROF_DETECT_CLEANUP         IPv4       6            30             2606          19483          4033        121.0k  0.23  
PROF_DETECT_CLEANUP         IPv4      17            61             2519           6331          2810        171.4k  0.33  
PROF_DETECT_GETSGH          IPv4       6            30             2581         394039         17808        534.3k  1.01  
PROF_DETECT_GETSGH          IPv4      17            61             2540         125208          5204        317.5k  0.60  
PROF_DETECT_IPONLY          IPv6      17             6             3024          19136          7409         44.5k  0.08  
PROF_DETECT_RULES           IPv6      17            14            33847         113089         58532        819.5k  1.55  
PROF_DETECT_STATEFUL_CONT    IPv6      17            14             2503         383931         29962        419.5k  0.80  
PROF_DETECT_PREFILTER       IPv6      17            14            24083          78190         34247        479.5k  0.91  
PROF_DETECT_PF_PAYLOAD      IPv6      17            14             8300          55372         17085        239.2k  0.45  
PROF_DETECT_PF_SORT1        IPv6      17            14             2614           4391          3154         44.2k  0.08  
PROF_DETECT_PF_SORT2        IPv6      17            14             2541           8332          3093         43.3k  0.08  
PROF_DETECT_NONMPMLIST      IPv6      17            14             2534           3424          2753         38.6k  0.07  
PROF_DETECT_ALERT           IPv6      17            14             2546           2951          2635         36.9k  0.07  
PROF_DETECT_CLEANUP         IPv6      17            14             2522           5253          2949         41.3k  0.08  
PROF_DETECT_GETSGH          IPv6      17            14             2771         405546         33903        474.6k  0.90  


suricata-report-2019-04-22-T-09-42-43-04222019.0942-b5396d19-38fc-49ca-b9e3-d390d120c7df.pcap.txt (17707 bytes)
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/cd0d9ff4f81e5e4d9af3db76ae2db7b856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04222019.0942-b5396d19-38fc-49ca-b9e3-d390d120c7df.pcap -vvv -k none
elapsedtime:23.288140
stderr:
stdout:
22/4/2019 -- 09:42:20 - <Info> - Configuration node 'rule-files' redefined.
22/4/2019 -- 09:42:20 - <Notice> - This is Suricata version 4.0.0 RELEASE
22/4/2019 -- 09:42:20 - <Info> - CPUs/cores online: 1
22/4/2019 -- 09:42:20 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 33570 and 'request-body-inspect-window' set to 15613 after randomization.
22/4/2019 -- 09:42:20 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31183 and 'response-body-inspect-window' set to 15880 after randomization.
22/4/2019 -- 09:42:20 - <Config> - DNS request flood protection level: 500
22/4/2019 -- 09:42:20 - <Config> - DNS per flow memcap (state-memcap): 524288
22/4/2019 -- 09:42:20 - <Config> - DNS global memcap: 16777216
22/4/2019 -- 09:42:20 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
22/4/2019 -- 09:42:20 - <Config> - preallocated 1000 hosts of size 136
22/4/2019 -- 09:42:20 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
22/4/2019 -- 09:42:20 - <Config> - using magic-file /usr/share/file/magic
22/4/2019 -- 09:42:20 - <Config> - Core dump size is unlimited.
22/4/2019 -- 09:42:20 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
22/4/2019 -- 09:42:20 - <Config> - preallocated 1000 defrag trackers of size 168
22/4/2019 -- 09:42:20 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
22/4/2019 -- 09:42:20 - <Config> - stream "prealloc-sessions": 2048 (per thread)
22/4/2019 -- 09:42:20 - <Config> - stream "memcap": 33554432
22/4/2019 -- 09:42:20 - <Config> - stream "midstream" session pickups: disabled
22/4/2019 -- 09:42:20 - <Config> - stream "async-oneside": disabled
22/4/2019 -- 09:42:20 - <Config> - stream "checksum-validation": disabled
22/4/2019 -- 09:42:20 - <Config> - stream."inline": disabled
22/4/2019 -- 09:42:20 - <Config> - stream "bypass": disabled
22/4/2019 -- 09:42:20 - <Config> - stream "max-synack-queued": 5
22/4/2019 -- 09:42:20 - <Config> - stream.reassembly "memcap": 134217728
22/4/2019 -- 09:42:20 - <Config> - stream.reassembly "depth": 0
22/4/2019 -- 09:42:20 - <Config> - stream.reassembly "toserver-chunk-size": 2623
22/4/2019 -- 09:42:20 - <Config> - stream.reassembly "toclient-chunk-size": 2618
22/4/2019 -- 09:42:20 - <Config> - stream.reassembly.raw: enabled
22/4/2019 -- 09:42:20 - <Config> - stream.reassembly "segment-prealloc": 2048
22/4/2019 -- 09:42:20 - <Config> - Delayed detect disabled
22/4/2019 -- 09:42:20 - <Config> - pattern matchers: MPM: ac, SPM: bm
22/4/2019 -- 09:42:20 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
22/4/2019 -- 09:42:20 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
22/4/2019 -- 09:42:20 - <Config> - prefilter engines: MPM
22/4/2019 -- 09:42:20 - <Config> - IP reputation disabled
22/4/2019 -- 09:42:20 - <Perf> - Registered 148 keyword profiling counters.
22/4/2019 -- 09:42:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
22/4/2019 -- 09:42:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
22/4/2019 -- 09:42:20 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
22/4/2019 -- 09:42:25 - <Config> - No rules loaded from ET-icmp.rules.
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
22/4/2019 -- 09:42:25 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
22/4/2019 -- 09:42:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
22/4/2019 -- 09:42:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
22/4/2019 -- 09:42:26 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
22/4/2019 -- 09:42:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
22/4/2019 -- 09:42:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
22/4/2019 -- 09:42:29 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
22/4/2019 -- 09:42:31 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
22/4/2019 -- 09:42:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
22/4/2019 -- 09:42:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
22/4/2019 -- 09:42:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
22/4/2019 -- 09:42:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
22/4/2019 -- 09:42:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
22/4/2019 -- 09:42:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
22/4/2019 -- 09:42:33 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
22/4/2019 -- 09:42:33 - <Config> - No rules loaded from local.rules.
22/4/2019 -- 09:42:33 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
22/4/2019 -- 09:42:33 - <Info> - Threshold config parsed: 0 rule(s) found
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for tcp-packet
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for tcp-stream
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for udp-packet
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for other-ip
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_uri
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_request_line
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_client_body
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_response_line
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_header
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_header
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_header_names
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_header_names
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_accept
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_accept_enc
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_accept_lang
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_referer
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_connection
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_content_len
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_content_len
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_content_type
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_content_type
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_protocol
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_protocol
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_start
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_start
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_raw_header
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_raw_header
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_method
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_cookie
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_cookie
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_raw_uri
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_user_agent
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_host
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_raw_host
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_stat_msg
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_stat_code
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for dns_query
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for tls_sni
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for tls_cert_issuer
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for tls_cert_subject
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for tls_cert_serial
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for dce_stub_data
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for dce_stub_data
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for ssh_protocol
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for ssh_protocol
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for ssh_software
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for ssh_software
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for file_data
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for file_data
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_request_line
22/4/2019 -- 09:42:34 - <Perf> - using shared mpm ctx' for http_response_line
22/4/2019 -- 09:42:34 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
22/4/2019 -- 09:42:34 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
22/4/2019 -- 09:42:34 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
22/4/2019 -- 09:42:34 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
22/4/2019 -- 09:42:34 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
22/4/2019 -- 09:42:34 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
22/4/2019 -- 09:42:34 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
22/4/2019 -- 09:42:34 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
22/4/2019 -- 09:42:39 - <Perf> - Unique rule groups: 104
22/4/2019 -- 09:42:39 - <Perf> - Builtin MPM "toserver TCP packet": 35
22/4/2019 -- 09:42:39 - <Perf> - Builtin MPM "toclient TCP packet": 17
22/4/2019 -- 09:42:39 - <Perf> - Builtin MPM "toserver TCP stream": 33
22/4/2019 -- 09:42:39 - <Perf> - Builtin MPM "toclient TCP stream": 19
22/4/2019 -- 09:42:39 - <Perf> - Builtin MPM "toserver UDP packet": 27
22/4/2019 -- 09:42:39 - <Perf> - Builtin MPM "toclient UDP packet": 17
22/4/2019 -- 09:42:39 - <Perf> - Builtin MPM "other IP packet": 3
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_uri": 14
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_request_line": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_client_body": 6
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient http_response_line": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_header": 10
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient http_header": 6
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_header_names": 2
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_accept": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_referer": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_content_len": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_content_type": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient http_content_type": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_protocol": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_start": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_method": 5
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_cookie": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient http_cookie": 2
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver http_host": 2
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver dns_query": 4
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver tls_sni": 2
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toserver file_data": 1
22/4/2019 -- 09:42:39 - <Perf> - AppLayer MPM "toclient file_data": 7
22/4/2019 -- 09:42:42 - <Perf> - Registered 39590 rule profiling counters.
22/4/2019 -- 09:42:42 - <Info> - fast output device (regular) initialized: alert
22/4/2019 -- 09:42:42 - <Info> - eve-log output device (regular) initialized: eve.json
22/4/2019 -- 09:42:42 - <Config> - enabling 'eve-log' module 'alert'
22/4/2019 -- 09:42:42 - <Config> - enabling 'eve-log' module 'http'
22/4/2019 -- 09:42:42 - <Config> - enabling 'eve-log' module 'dns'
22/4/2019 -- 09:42:42 - <Config> - enabling 'eve-log' module 'tls'
22/4/2019 -- 09:42:42 - <Config> - enabling 'eve-log' module 'files'
22/4/2019 -- 09:42:42 - <Config> - enabling 'eve-log' module 'ssh'
22/4/2019 -- 09:42:42 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
22/4/2019 -- 09:42:42 - <Info> - stats output device (regular) initialized: stats.log
22/4/2019 -- 09:42:42 - <Config> - AutoFP mode using "Hash" flow load balancer
22/4/2019 -- 09:42:42 - <Info> - reading pcap file /var/pcap/04222019.0942-b5396d19-38fc-49ca-b9e3-d390d120c7df.pcap
22/4/2019 -- 09:42:42 - <Config> - us



suricata-4.0.0-etpro-all-alert-2019-04-22-T-09-42-43-04222019.0942-b5396d19-38fc-49ca-b9e3-d390d120c7df.pcap.txt - (200 bytes) - download
04/11/2019-13:13:58.727082  [**] [1:2013926:8] ET POLICY HTTP traffic on port 443 (POST) [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.100.176:50722 -> 200.28.131.215:443


stats.log - (2685 bytes) - download
------------------------------------------------------------------------------------
Date: 4/22/2019 -- 09:42:43 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 302
decoder.bytes                              | Total                     | 22698
decoder.ipv4                               | Total                     | 85
decoder.ipv6                               | Total                     | 14
decoder.ethernet                           | Total                     | 302
decoder.tcp                                | Total                     | 24
decoder.udp                                | Total                     | 75
decoder.avg_pkt_size                       | Total                     | 75
decoder.max_pkt_size                       | Total                     | 936
flow.tcp                                   | Total                     | 3
flow.udp                                   | Total                     | 14
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 3
tcp.synack                                 | Total                     | 3
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 1
detect.mpm_list                            | Total                     | 11
detect.nonmpm_list                         | Total                     | 2
detect.match_list                          | Total                     | 12
app_layer.tx.http                          | Total                     | 3
app_layer.flow.failed_udp                  | Total                     | 14
flow.spare                                 | Total                     | 9995
flow_mgr.flows_checked                     | Total                     | 10
flow_mgr.flows_notimeout                   | Total                     | 10
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65526
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7077184


eve.json - (3942 bytes) - download
{"timestamp":"2019-04-11T13:13:00.808972+0000","flow_id":925448368165022,"pcap_cnt":195,"event_type":"fileinfo","src_ip":"192.168.100.176","src_port":49643,"dest_ip":"190.104.67.90","dest_port":80,"proto":"TCP","http":{"hostname":"190.104.67.90","url":"\/vermont\/acquire\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/190.104.67.90\/vermont\/acquire\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/vermont\/acquire\/","gaps":false,"state":"CLOSED","stored":false,"size":444,"tx_id":0}}
{"timestamp":"2019-04-11T13:13:35.621599+0000","flow_id":615972354467593,"pcap_cnt":254,"event_type":"fileinfo","src_ip":"192.168.100.176","src_port":50195,"dest_ip":"190.85.100.102","dest_port":80,"proto":"TCP","http":{"hostname":"190.85.100.102","url":"\/ringin\/child\/ringin\/merge\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/190.85.100.102\/ringin\/child\/ringin\/merge\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/ringin\/child\/ringin\/merge\/","gaps":false,"state":"CLOSED","stored":false,"size":444,"tx_id":0}}
{"timestamp":"2019-04-11T13:13:58.727082+0000","flow_id":615972354467593,"event_type":"http","src_ip":"192.168.100.176","src_port":50195,"dest_ip":"190.85.100.102","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"190.85.100.102","url":"\/ringin\/child\/ringin\/merge\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-04-11T13:13:58.727082+0000","flow_id":925448368165022,"event_type":"http","src_ip":"192.168.100.176","src_port":49643,"dest_ip":"190.104.67.90","dest_port":80,"proto":"TCP","tx_id":0,"http":{"hostname":"190.104.67.90","url":"\/vermont\/acquire\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-04-11T13:13:58.727082+0000","flow_id":363423984693460,"event_type":"alert","src_ip":"192.168.100.176","src_port":50722,"dest_ip":"200.28.131.215","dest_port":443,"proto":"TCP","tx_id":0,"alert":{"action":"allowed","gid":1,"signature_id":2013926,"rev":8,"signature":"ET POLICY HTTP traffic on port 443 (POST)","category":"Potentially Bad Traffic","severity":2},"app_proto":"http"}
{"timestamp":"2019-04-11T13:13:58.727082+0000","flow_id":363423984693460,"event_type":"http","src_ip":"192.168.100.176","src_port":50722,"dest_ip":"200.28.131.215","dest_port":443,"proto":"TCP","tx_id":0,"http":{"hostname":"200.28.131.215","url":"\/devices\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)"}}
{"timestamp":"2019-04-11T13:13:58.727082+0000","flow_id":363423984693460,"event_type":"fileinfo","src_ip":"192.168.100.176","src_port":50722,"dest_ip":"200.28.131.215","dest_port":443,"proto":"TCP","http":{"hostname":"200.28.131.215","url":"\/devices\/","http_user_agent":"Mozilla\/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E)","http_refer":"http:\/\/200.28.131.215\/devices\/","http_method":"POST","protocol":"HTTP\/1.1","length":0},"app_proto":"http","fileinfo":{"filename":"\/devices\/","gaps":false,"state":"CLOSED","stored":false,"size":439,"tx_id":0}}


suricata-4.0.0-etpro-all-perf.txt-2019-04-22-T-09-42-43-04222019.0942-b5396d19-38fc-49ca-b9e3-d390d120c7df.pcap.txt - (19286 bytes) - download
  --------------------------------------------------------------------------
  Date: 4/22/2019 -- 09:42:43. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2805348      1        4        1137080      8.50   14       0        432625      81220.00    0.00        81220.00   
  2        2023626      1        3        571087       4.27   59       0        418299      9679.44     0.00        9679.44    
  3        2008116      1        4        449343       3.36   18       0        399332      24963.50    0.00        24963.50   
  4        2802205      1        3        436991       3.27   18       0        386087      24277.28    0.00        24277.28   
  5        2810792      1        5        202778       1.52   1        0        202778      202778.00   0.00        202778.00  
  6        2816940      1        2        205896       1.54   3        0        96251       68632.00    0.00        68632.00   
  7        2816909      1        2        233752       1.75   3        0        96229       77917.33    0.00        77917.33   
  8        2816929      1        4        153440       1.15   3        0        87429       51146.67    0.00        51146.67   
  9        2816910      1        2        197272       1.47   3        0        80006       65757.33    0.00        65757.33   
  10       2011894      1        19       138533       1.04   3        0        72854       46177.67    0.00        46177.67   
  11       2025064      1        5        147923       1.11   3        0        71424       49307.67    0.00        49307.67   
  12       2021067      1        2        101465       0.76   2        2        65531       50732.50    50732.50    0.00       
  13       2812916      1        6        139722       1.04   3        0        59438       46574.00    0.00        46574.00   
  14       2024767      1        2        113415       0.85   3        0        53632       37805.00    0.00        37805.00   
  15       2815201      1        2        94640        0.71   3        0        52033       31546.67    0.00        31546.67   
  16       2820851      1        5        120339       0.90   3        0        51490       40113.00    0.00        40113.00   
  17       2017613      1        9        112347       0.84   3        0        51311       37449.00    0.00        37449.00   
  18       2018496      1        9        104100       0.78   3        0        50680       34700.00    0.00        34700.00   
  19       2821561      1        2        118550       0.89   3        0        47784       39516.67    0.00        39516.67   
  20       2816922      1        5        98167        0.73   3        0        45424       32722.33    0.00        32722.33   
  21       2816925      1        3        105772       0.79   3        0        45391       35257.33    0.00        35257.33   
  22       2816327      1        4        120018       0.90   3        0        45081       40006.00    0.00        40006.00   
  23       2816928      1        3        103891       0.78   3        0        44739       34630.33    0.00        34630.33   
  24       2821615      1        2        115151       0.86   3        0        44037       38383.67    0.00        38383.67   
  25       2018358      1        7        125546       0.94   3        0        43992       41848.67    0.00        41848.67   
  26       2828122      1        2        114148       0.85   3        0        43789       38049.33    0.00        38049.33   
  27       2819673      1        4        102181       0.76   3        0        43780       34060.33    0.00        34060.33   
  28       2815817      1        5        108058       0.81   3        0        43310       36019.33    0.00        36019.33   
  29       2016858      1        10       99082        0.74   3        0        41667       33027.33    0.00        33027.33   
  30       2019693      1        5        93448        0.70   3        0        41533       31149.33    0.00        31149.33   
  31       2022198      1        2        40938        0.31   1        0        40938       40938.00    0.00        40938.00   
  32       2816525      1        10       105339       0.79   3        0        40899       35113.00    0.00        35113.00   
  33       2018452      1        15       107003       0.80   3        0        40207       35667.67    0.00        35667.67   
  34       2816328      1        5        93179        0.70   3        0        39560       31059.67    0.00        31059.67   
  35       2019881      1        3        102252       0.76   3        0        39256       34084.00    0.00        34084.00   
  36       2816927      1        3        95385        0.71   3        0        38653       31795.00    0.00        31795.00   
  37       2820367      1        2        38546        0.29   1        0        38546       38546.00    0.00        38546.00   
  38       2023875      1        2        108686       0.81   3        0        38348       36228.67    0.00        36228.67   
  39       2012612      1        16       79085        0.59   3        0        37825       26361.67    0.00        26361.67   
  40       2010140      1        7        331150       2.48   68       0        37770       4869.85     0.00        4869.85    
  41       2827580      1        7        77520        0.58   3        0        35994       25840.00    0.00        25840.00   
  42       2023315      1        2        75665        0.57   3        0        34344       25221.67    0.00        25221.67   
  43       2019344      1        5        87966        0.66   3        0        33796       29322.00    0.00        29322.00   
  44       2829824      1        2        33554        0.25   1        0        33554       33554.00    0.00        33554.00   
  45       2816924      1        4        85687        0.64   3        0        32371       28562.33    0.00        28562.33   
  46       2017552      1        6        164514       1.23   10       0        32314       16451.40    0.00        16451.40   
  47       2810991      1        4        86181        0.64   3        0        32055       28727.00    0.00        28727.00   
  48       2022914      1        1        48347        0.36   3        0        30756       16115.67    0.00        16115.67   
  49       2013926      1        8        36393        0.27   3        1        30418       12131.00    30418.00    2987.50    
  50       2021068      1        2        30388        0.23   1        0        30388       30388.00    0.00        30388.00   
  51       2022207      1        4        84412        0.63   3        0        30315       28137.33    0.00        28137.33   
  52       2806132      1        3        84772        0.63   3        0        30281       28257.33    0.00        28257.33   
  53       2017259      1        12       84107        0.63   3        0        29879       28035.67    0.00        28035.67   
  54       2018981      1        4        83202        0.62   3        0        29689       27734.00    0.00        27734.00   
  55       2016537      1        2        126804       0.95   7        0        29675       18114.86    0.00        18114.86   
  56       2018958      1        18       82786        0.62   3        0        29063       27595.33    0.00        27595.33   
  57       2022197      1        3        55380        0.41   2        0        28945       27690.00    0.00        27690.00   
  58       2023670      1        3        80935        0.61   3        0        28931       26978.33    0.00        26978.33   
  59       2816165      1        5        83560        0.62   3        0        28546       27853.33    0.00        27853.33   
  60       2021038      1        4        80926        0.60   3        0        28544       26975.33    0.00        26975.33   
  61       2820031      1        2        82129        0.61   3        0        28372       27376.33    0.00        27376.33   
  62       2022339      1        2        83249        0.62   3        0        28315       27749.67    0.00        27749.67   
  63       2022503      1        2        79670        0.60   3        0        28276       26556.67    0.00        26556.67   
  64       2816526      1        13       79666        0.60   3        0        27875       26555.33    0.00        26555.33   
  65       2819785      1        2        81093        0.61   3        0        27582       27031.00    0.00        27031.00   
  66       2018242      1        5        79620        0.60   3        0        27400       26540.00    0.00        26540.00   
  67       2023622      1        3        212467       1.59   71       0        27153       2992.49     0.00        2992.49    
  68       2816931      1        3        78602        0.59   3        0        26886       26200.67    0.00        26200.67   
  69       2018983      1        7        78654        0.59   3        0        26689       26218.00    0.00        26218.00   
  70       2816930      1        4        77596        0.58   3        0        26623       25865.33    0.00        25865.33   
  71       2809682      1        5        65483        0.49   3        0        24168       21827.67    0.00        21827.67   
  72       2022049      1        3        64912        0.49   3        0        23173       21637.33    0.00        21637.33   
  73       2808275      1        2        23134        0.17   1        0        23134       23134.00    0.00        23134.00   
  74       2020380      1        3        64367        0.48   3        0        22624       21455.67    0.00        21455.67   
  75       2826256      1        2        63447        0.47   3        0        22200       21149.00    0.00        21149.00   
  76       2812785      1        3        22171        0.17   1        0        22171       22171.00    0.00        22171.00   
  77       2816669      1        4        64187        0.48   3        0        22152       21395.67    0.00        21395.67   
  78       2809074      1        2        22135        0.17   1        0        22135       22135.00    0.00        22135.00   
  79       2003657      1        18       63042        0.47   3        0        22029       21014.00    0.00        21014.00   
  80       2003492      1        30       62434        0.47   3        0        21898       20811.33    0.00        20811.33   
  81       2825760      1        2        21839        0.16   1        0        21839       21839.00    0.00        21839.00   
  82       2024178      1        2        61842        0.46   3        0        21804       20614.00    0.00        20614.00   
  83       2819993      1        2        62631        0.47   3        0        21750       20877.00    0.00        20877.00   
  84       2816055      1        2        62810        0.47   3        0        21728       20936.67    0.00        20936.67   
  85       2016223      1        10       60913        0.46   3        0        21694       20304.33    0.00        20304.33   
  86       2828008      1        2        62662        0.47   3        0        21664       20887.33    0.00        20887.33   
  87       2022262      1        3        62439        0.47   3        0        21658       20813.00    0.00        20813.00   
  88       2809547      1        5        61533        0.46   3        0        21633       20511.00    0.00        20511.00   
  89       2827279      1        5        64481        0.48   3        0        21609       21493.67    0.00        21493.67   
  90       2811445      1        4        29376        0.22   3        0        21511       9792.00     0.00        9792.00    
  91       2830657      1        2        21469        0.16   1        0        21469       21469.00    0.00        21469.00   
  92       2020388      1        8        28272        0.21   3        0        21432       9424.00     0.00        9424.00    
  93       2814883      1        3        61158        0.46   3        0        21386       20386.00    0.00        20386.00   
  94       2020705      1        4        60550        0.45   3        0        21261       20183.33    0.00        20183.33   
  95       2804626      1        9        60463        0.45   3        0        21120       20154.33    0.00        20154.33   
  96       2022220      1        2        61330        0.46   3        0        21062       20443.33    0.00        20443.33   
  97       2815324      1        2        60462        0.45   3        0        20931       20154.00    0.00        20154.00   
  98       2018010      1        5        60590        0.45   3        0        20761       20196.67    0.00        20196.67   
  99       2014380      1        4        79688        0.60   6        0        20756       13281.33    0.00        13281.33   
  100      2020698      1        2        20719        0.15   1        0        20719       20719.00    0.00        20719.00   
  101      2805260      1        4        59873        0.45   3        0        20176       19957.67    0.00        19957.67   
  102      2810793      1        5        24042        0.18   3        0        16999       8014.00     0.00        8014.00    
  103      2013739      1        15       187900       1.40   68       0        12202       2763.24     0.00        2763.24    
  104      2805211      1        1        27417        0.20   3        0        10037       9139.00     0.00        9139.00    
  105      2016323      1        1        23859        0.18   7        0        4927        3408.43     0.00        3408.43    
  106      2019010      1        3        43404        0.32   14       0        4318        3100.29     0.00        3100.29    
  107      2023627      1        3        131293       0.98   48       0        4258        2735.27     0.00        2735.27    
  108      2102523      1        8        9762         0.07   3        0        3829        3254.00     0.00        3254.00    
  109      2023623      1        3        119362       0.89   45       0        3807        2652.49     0.00        2652.49    
  110      2009243      1        2        52940        0.40   19       0        3772        2786.32     0.00        2786.32    
  111      2019011      1        3        51661        0.39   18       0        3761        2870.06     0.00        2870.06    
  112      2100518      1        8        51651        0.39   18       0        3741        2869.50     0.00        2869.50    
  113      2008120      1        4        181837       1.36   68       0        3715        2674.07     0.00        2674.07    
  114      2018061      1        2        6551         0.05   2        0        3676        3275.50     0.00        3275.50    
  115      2804587      1        2        9726         0.07   3        0        3647        3242.00     0.00        3242.00    
  116      2810794      1        5        3607         0.03   1        0        3607        3607.00     0.00        3607.00    
  117      2802822      1        1        51172        0.38   18       0        3603        2842.89     0.00        2842.89    
  118      2019017      1        3        40146        0.30   14       0        3589        2867.57     0.00        2867.57    
  119      2016363      1        2        21434        0.16   7        0        3555        3062.00     0.00        3062.00    
  120      2801347      1        5        59673        0.45   21       0        3553        2841.57     0.00        2841.57    
  121      2018060      1        2        3549         0.03   1        0        3549        3549.00     0.00        3549.00    
  122      2008117      1        3        51006        0.38   18       0        3542        2833.67     0.00        2833.67    
  123      2008118      1        3        52663        0.39   19       0        3533        2771.74     0.00        2771.74    
  124      2100540      1        12       18681        0.14   6        0        3514        3113.50     0.00        3113.50    
  125      2010143      1        3        1



keyword_perf.log - (9372 bytes) - download
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 4/22/2019 -- 09:42:43
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             898305          259             259             21282           3468.00         3468.00         0.00           
  content          1744779         447             255             20688           3903.00         4031.00         3733.00        
  pcre             506121          54              23              46347           9372.00         8912.00         9714.00        
  byte_test        173000          48              42              23693           3604.00         3179.00         6579.00        
  byte_jump        50205           14              14              9361            3586.00         3586.00         0.00           
  flowbits         23183           2               2               19026           11591.00        11591.00        0.00           
  urilen           222643          73              24              4134            3049.00         3096.00         3027.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flow             898305          259             259             21282           3468.00         3468.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          296028          82              50              17205           3610.00         3954.00         3071.00        
  pcre             46347           1               0               46347           46347.00        0.00            46347.00       
  byte_test        173000          48              42              23693           3604.00         3179.00         6579.00        
  byte_jump        50205           14              14              9361            3586.00         3586.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         23183           2               2               19026           11591.00        11591.00        0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_uri
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          145340          38              10              16440           3824.00         3314.00         4006.00        
  pcre             233970          26              3               34867           8998.00         14298.00        8307.00        
  urilen           222643          73              24              4134            3049.00         3096.00         3027.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_client_body
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          43030           7               0               20688           6147.00         0.00            6147.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          912099          223             136             18334           4090.00         4188.00         3936.00        
  pcre             188714          21              14              24525           8986.00         8928.00         9102.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_header_names
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          9930            3               0               3855            3310.00         0.00            3310.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_content_type
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          10659           3               3               3875            3553.00         3553.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_method
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          26763           7               2               4684            3823.00         3357.00         4009.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: http_user_agent
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          300930          84              54              9981            3582.00         3891.00         3026.00        
  pcre             37090           6               6               10998           6181.00         6181.00         0.00           


IDSDeathBlossom.py.log - (1176 bytes)
2019-04-22 09:42:19,286 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-04-22 09:42:20,014 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-04-22 09:42:20,014 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-04-22 09:42:20,015 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-04-22 09:42:20,015 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-04-22 09:42:20,015 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/cd0d9ff4f81e5e4d9af3db76ae2db7b856b33745cb75ec8c950e11a498e082d2 -r /var/pcap/04222019.0942-b5396d19-38fc-49ca-b9e3-d390d120c7df.pcap -vvv -k none
2019-04-22 09:42:43,306 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-04-22 09:42:43,307 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 24.0284001827