Filename: eternalromance-success-2008r2.pcap
Status: Analysis complete
IDS: suricata-4.0.0
Ruleset: etpro-all
Runtime: 26.1012837887 seconds
Hash: dc828b1dbbe33388e39d8fa0b169ad5f
Uploaded: 1558091877 (Unix epoch, i.e. 2019-05-17 11:17:57 UTC)

Logfiles


unified2.alert.1558091902 (678 bytes)
(Binary unified2 alert records; not readable as text. The embedded packet payloads carry SMB headers and the UNC share path \\172.23.33.10\IPC$, matching the IPC$ share-access alert in the alert log below.)


suricata-4.0.0-etpro-all-perf.txt-2019-05-17-T-11-18-23-05172019.1117-eternalromance-success-2008r2.pcap.txt (28630 bytes)
  --------------------------------------------------------------------------
  Date: 5/17/2019 -- 11:18:23. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- -------------- 
  1        2800995      1        1        2441558      9.00   65       0        523878      37562.43    0.00        37562.43   
  2        2103035      1        9        940410       3.47   89       0        445556      10566.40    0.00        10566.40   
  3        2800996      1        1        1905588      7.03   65       0        439150      29316.74    0.00        29316.74   
  4        2800992      1        1        2300615      8.48   65       0        425213      35394.08    0.00        35394.08   
  5        2815451      1        2        1061605      3.91   74       0        404758      14346.01    0.00        14346.01   
  6        2024219      1        1        2817037      10.39  86       49       83655       32756.24    45048.29    16477.59   
  7        2103229      1        4        105277       0.39   2        0        80501       52638.50    0.00        52638.50   
  8        2018059      1        2        128975       0.48   2        0        70535       64487.50    0.00        64487.50   
  9        2103436      1        4        91535        0.34   2        0        67001       45767.50    0.00        45767.50   
  10       2103228      1        4        92337        0.34   2        0        66260       46168.50    0.00        46168.50   
  11       2103420      1        4        89575        0.33   2        0        65227       44787.50    0.00        44787.50   
  12       2103267      1        5        87427        0.32   2        0        64819       43713.50    0.00        43713.50   
  13       2103435      1        4        84163        0.31   2        0        58279       42081.50    0.00        42081.50   
  14       2103419      1        4        84122        0.31   2        0        58267       42061.00    0.00        42061.00   
  15       2103266      1        6        78882        0.29   2        0        58163       39441.00    0.00        39441.00   
  16       2103270      1        5        77549        0.29   2        0        54417       38774.50    0.00        38774.50   
  17       2102480      1        10       95729        0.35   2        0        54146       47864.50    0.00        47864.50   
  18       2103186      1        4        77155        0.28   2        0        53314       38577.50    0.00        38577.50   
  19       2103124      1        4        72831        0.27   2        0        51680       36415.50    0.00        36415.50   
  20       2810020      1        2        1890744      6.97   89       0        50961       21244.31    0.00        21244.31   
  21       2102511      1        10       303353       1.12   89       0        49572       3408.46     0.00        3408.46    
  22       2014958      1        1        99424        0.37   5        0        46706       19884.80    0.00        19884.80   
  23       2102466      1        9        67007        0.25   2        1        46206       33503.50    46206.00    20801.00   
  24       2103125      1        4        73015        0.27   2        0        46138       36507.50    0.00        36507.50   
  25       2102481      1        10       67416        0.25   2        0        45728       33708.00    0.00        33708.00   
  26       2102939      1        7        82181        0.30   2        0        45638       41090.50    0.00        41090.50   
  27       2102955      1        4        81127        0.30   2        0        44927       40563.50    0.00        40563.50   
  28       2103187      1        4        84450        0.31   2        0        44308       42225.00    0.00        42225.00   
  29       2800546      1        3        70843        0.26   2        2        40984       35421.50    35421.50    0.00       
  30       2102949      1        7        61191        0.23   2        0        39805       30595.50    0.00        30595.50   
  31       2805141      1        4        1166834      4.30   190      0        39433       6141.23     0.00        6141.23    
  32       2025090      1        1        62384        0.23   2        1        39383       31192.00    39383.00    23001.00   
  33       2102383      1        21       61100        0.23   2        0        39019       30550.00    0.00        30550.00   
  34       2102472      1        11       60071        0.22   2        0        38963       30035.50    0.00        30035.50   
  35       2807856      1        2        142501       0.53   11       0        35913       12954.64    0.00        12954.64   
  36       2800987      1        1        210166       0.77   65       0        35552       3233.32     0.00        3233.32    
  37       2820646      1        1        56888        0.21   2        1        35537       28444.00    35537.00    21351.00   
  38       2800993      1        1        1318451      4.86   65       0        34875       20283.86    0.00        20283.86   
  39       2001569      1        15       33496        0.12   1        1        33496       33496.00    33496.00    0.00       
  40       2103232      1        4        61417        0.23   2        0        33333       30708.50    0.00        30708.50   
  41       2103424      1        4        54791        0.20   2        0        33110       27395.50    0.00        27395.50   
  42       2103129      1        4        57029        0.21   2        0        32193       28514.50    0.00        28514.50   
  43       2102979      1        4        58836        0.22   2        0        32141       29418.00    0.00        29418.00   
  44       2103128      1        4        54652        0.20   2        0        31907       27326.00    0.00        27326.00   
  45       2103439      1        4        53573        0.20   2        0        31647       26786.50    0.00        26786.50   
  46       2103233      1        5        57999        0.21   2        0        31535       28999.50    0.00        28999.50   
  47       2103440      1        4        53577        0.20   2        0        31328       26788.50    0.00        26788.50   
  48       2103003      1        7        51179        0.19   2        0        31056       25589.50    0.00        25589.50   
  49       2103423      1        4        53634        0.20   2        0        30281       26817.00    0.00        26817.00   
  50       2102191      1        4        45195        0.17   2        0        29487       22597.50    0.00        22597.50   
  51       2102998      1        6        52199        0.19   2        0        29220       26099.50    0.00        26099.50   
  52       2102970      1        5        58267        0.21   2        0        29215       29133.50    0.00        29133.50   
  53       2012084      1        2        54413        0.20   2        0        28969       27206.50    0.00        27206.50   
  54       2103191      1        4        51290        0.19   2        0        28811       25645.00    0.00        25645.00   
  55       2103271      1        5        52085        0.19   2        0        28560       26042.50    0.00        26042.50   
  56       2102999      1        7        51293        0.19   2        0        28413       25646.50    0.00        25646.50   
  57       2102971      1        5        51071        0.19   2        0        28318       25535.50    0.00        25535.50   
  58       2103190      1        4        50674        0.19   2        0        28168       25337.00    0.00        25337.00   
  59       2012094      1        2        41978        0.15   2        0        27832       20989.00    0.00        20989.00   
  60       2102258      1        10       43673        0.16   2        0        27218       21836.50    0.00        21836.50   
  61       2800986      1        1        211345       0.78   65       0        26239       3251.46     0.00        3251.46    
  62       2800542      1        2        25862        0.10   1        0        25862       25862.00    0.00        25862.00   
  63       2807546      1        6        214279       0.79   70       0        24998       3061.13     0.00        3061.13    
  64       2821020      1        2        34313        0.13   5        0        24151       6862.60     0.00        6862.60    
  65       2804927      1        2        22195        0.08   1        0        22195       22195.00    0.00        22195.00   
  66       2102471      1        12       42693        0.16   2        0        21766       21346.50    0.00        21346.50   
  67       2102468      1        9        42084        0.16   2        0        21438       21042.00    0.00        21042.00   
  68       2102402      1        6        37632        0.14   2        0        21147       18816.00    0.00        18816.00   
  69       2804982      1        2        261742       0.96   75       0        21015       3489.89     0.00        3489.89    
  70       2022546      1        1        221728       0.82   67       0        20795       3309.37     0.00        3309.37    
  71       2801471      1        8        65364        0.24   4        0        20278       16341.00    0.00        16341.00   
  72       2018281      1        4        210663       0.78   70       0        19338       3009.47     0.00        3009.47    
  73       2810650      1        1        143268       0.53   48       0        19124       2984.75     0.00        2984.75    
  74       2024216      1        1        63796        0.24   5        0        18716       12759.20    0.00        12759.20   
  75       2014957      1        1        99030        0.37   9        0        18697       11003.33    0.00        11003.33   
  76       2017944      1        5        35569        0.13   2        0        18670       17784.50    0.00        17784.50   
  77       2800990      1        1        193294       0.71   65       0        17286       2973.75     0.00        2973.75    
  78       2022132      1        1        170643       0.63   16       0        16777       10665.19    0.00        10665.19   
  79       2810452      1        3        48232        0.18   12       0        16770       4019.33     0.00        4019.33    
  80       2024217      1        2        46273        0.17   4        0        16623       11568.25    0.00        11568.25   
  81       2009387      1        4        127269       0.47   38       0        16050       3349.18     0.00        3349.18    
  82       2102523      1        8        35198        0.13   7        0        15942       5028.29     0.00        5028.29    
  83       2828876      1        1        260299       0.96   89       0        15861       2924.71     0.00        2924.71    
  84       2024430      1        3        43596        0.16   4        0        15481       10899.00    0.00        10899.00   
  85       2014956      1        1        59917        0.22   5        0        15291       11983.40    0.00        11983.40   
  86       2020020      1        1        31196        0.12   7        0        15250       4456.57     0.00        4456.57    
  87       2805446      1        5        189973       0.70   64       0        14908       2968.33     0.00        2968.33    
  88       2103002      1        5        260092       0.96   89       0        13650       2922.38     0.00        2922.38    
  89       2800794      1        5        25186        0.09   2        0        13171       12593.00    0.00        12593.00   
  90       2800796      1        5        24748        0.09   2        0        13148       12374.00    0.00        12374.00   
  91       2022547      1        1        42726        0.16   11       0        7847        3884.18     0.00        3884.18    
  92       2103019      1        5        249721       0.92   89       0        6401        2805.85     0.00        2805.85    
  93       2008299      1        4        33647        0.12   10       0        6137        3364.70     0.00        3364.70    
  94       2806561      1        5        23302        0.09   6        0        5743        3883.67     0.00        3883.67    
  95       2021976      1        2        181686       0.67   66       0        4803        2752.82     0.00        2752.82    
  96       2103158      1        6        233798       0.86   82       0        4590        2851.20     0.00        2851.20    
  97       2103029      1        6        244461       0.90   89       0        4575        2746.75     0.00        2746.75    
  98       2103258      1        5        8250         0.03   2        0        4536        4125.00     0.00        4125.00    
  99       2103224      1        4        7498         0.03   2        0        4454        3749.00     0.00        3749.00    
  100      2000333      1        11       7593         0.03   2        0        4315        3796.50     0.00        3796.50    
  101      2102966      1        5        8090         0.03   2        0        4306        4045.00     0.00        4045.00    
  102      2102947      1        6        7546         0.03   2        0        4279        3773.00     0.00        3773.00    
  103      2024778      1        1        17368        0.06   5        0        4255        3473.60     0.00        3473.60    
  104      2103225      1        4        7788         0.03   2        0        4231        3894.00     0.00        3894.00    
  105      2819805      1        3        242411       0.89   87       0        4188        2786.33     0.00        2786.33    
  106      2810649      1        1        9449         0.03   3        0        4174        3149.67     0.00        3149.67    
  107      2102103      1        10       6686         0.02   2        0        4137        3343.00     0.00        3343.00    
  108      2103412      1        4        7543         0.03   2        0        4049        3771.50     0.00        3771.50    
  109      2103178      1        4        7856         0.03   2        0        4015        3928.00     0.00        3928.00    
  110      2103183      1        4        7588         0.03   2        0        4008        3794.00     0.00        3794.00    
  111      2021978      1        6        178715       0.66   66       0        4006        2707.80     0.00        2707.80    
  112      2008306      1        3        212183       0.78   74       0        3960        2867.34     0.00        2867.34    
  113      2008301      1        3        31685        0.12   11       0        3943        2880.45     0.00        2880.45    
  114      2025018      1        2        34847        0.13   12       0        3943        2903.92     0.00        2903.92    
  115      2103221      1        4        7520         0.03   2        0        3896        3760.00     0.00        3760.00    
  116      2102190      1        5        21785        0.08   7        0        3883        3112.14     0.00        3112.14    
  117      2823337      1        2        47648        0.18   17       0        3878        2802.82     0.00        2802.82    
  118      2823334      1        2        32663        0.12   12       0        3853        2721.92     0.00        2721.92    
  119      2001580      1        15       9973         0.04   3        0        3835        3324.33     0.00        3324.33    
  120      2103001      1        5        244272       0.90   89       0        3832        2744.63     0.00        2744.63    
  121      2003068      1        7        10532        0.04   3        0        3825        3510.67     0.00        3510.67    
  122      2008309      1        3        29905        0.11   10       0        3824        2990.50     0.00        2990.50    
  123      2103159      1        4        15548        0.06   5        0        3806        3109.60     0.00        3109.60    
  124      2100536      1        13       6889         0.03   2        0        3798        3444.50     0.00        3444.50    
  125      2103179      1        4        7

This file has been truncated.
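The rule-performance table above is worth reading against the alert log further down: SID 2024219 (ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray) was checked 86 times and matched 49 times, yet only two alerts for it were logged, which is consistent with a rate limit on the rule (the keyword_perf.log on this page shows the threshold keyword checked 52 times with 2 matches). Several other SIDs matched once or twice without producing any alert, as is typical of support rules that only set flowbits or are marked noalert. The following script is an added example, not part of this page or of Suricata, that parses a rule_perf.log table and surfaces exactly those gaps plus the costliest rules for tuning. The sample rows are copied from the table above (header plus every rule that matched and the top tick consumer); the per-SID alert counts in ALERTS_LOGGED are taken from the alert log on this page and are an input the analyst supplies.

```python
# Added example: parse a Suricata rule_perf.log table and compare detection
# matches against alerts actually emitted. Not code from this page or Suricata.

# Constructed sample input: rows copied from the rule_perf table on this page.
SAMPLE_RULE_PERF = """
  --------------------------------------------------------------------------
  Date: 5/17/2019 -- 11:18:23. Sorted by: max ticks.
  --------------------------------------------------------------------------
   Num      Rule         Gid      Rev      Ticks        %      Checks   Matches  Max Ticks   Avg Ticks   Avg Match   Avg No Match
  -------- ------------ -------- -------- ------------ ------ -------- -------- ----------- ----------- ----------- --------------
  1        2800995      1        1        2441558      9.00   65       0        523878      37562.43    0.00        37562.43
  6        2024219      1        1        2817037      10.39  86       49       83655       32756.24    45048.29    16477.59
  23       2102466      1        9        67007        0.25   2        1        46206       33503.50    46206.00    20801.00
  29       2800546      1        3        70843        0.26   2        2        40984       35421.50    35421.50    0.00
  32       2025090      1        1        62384        0.23   2        1        39383       31192.00    39383.00    23001.00
  37       2820646      1        1        56888        0.21   2        1        35537       28444.00    35537.00    21351.00
  39       2001569      1        15       33496        0.12   1        1        33496       33496.00    33496.00    0.00
"""

# Alerts per SID as they appear in the alert log on this page (analyst-supplied input).
ALERTS_LOGGED = {2102466: 1, 2024219: 2}

COLUMNS = ("num", "sid", "gid", "rev", "ticks", "pct", "checks", "matches",
           "max_ticks", "avg_ticks", "avg_match", "avg_nomatch")
INT_COLS = {"num", "sid", "gid", "rev", "ticks", "checks", "matches", "max_ticks"}


def parse_rule_perf(text):
    """Return one dict per data row. Header, date and separator lines are
    skipped because they do not start with an integer or have 12 fields."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != len(COLUMNS) or not fields[0].isdigit():
            continue
        rows.append({name: (int(val) if name in INT_COLS else float(val))
                     for name, val in zip(COLUMNS, fields)})
    return rows


def matched_without_alert(rows, alerts_logged):
    """Rules whose detection-engine matches exceed the alerts actually emitted.
    The difference is what thresholds, flowbits-only or noalert rules absorbed."""
    out = []
    for r in rows:
        logged = alerts_logged.get(r["sid"], 0)
        if r["matches"] > logged:
            out.append({"sid": r["sid"], "matches": r["matches"],
                        "alerts": logged, "suppressed": r["matches"] - logged})
    return sorted(out, key=lambda d: d["suppressed"], reverse=True)


def costliest(rows, n=3):
    """SIDs ordered by total ticks spent: the first rules to look at when tuning."""
    return [r["sid"] for r in sorted(rows, key=lambda r: r["ticks"], reverse=True)[:n]]


def never_matching_cost(rows):
    """Percentage of the sampled ticks spent on rules that never matched."""
    total = sum(r["ticks"] for r in rows)
    wasted = sum(r["ticks"] for r in rows if r["matches"] == 0)
    return round(100.0 * wasted / total, 2) if total else 0.0


if __name__ == "__main__":
    rows = parse_rule_perf(SAMPLE_RULE_PERF)
    for gap in matched_without_alert(rows, ALERTS_LOGGED):
        print(gap)
    print("costliest:", costliest(rows))
    print("ticks on never-matching rules: %.2f%%" % never_matching_cost(rows))
```

Run it against a full rule_perf.log and the SID counts from fast.log or eve.json; a large "suppressed" value on an exploit signature is a threshold to review, and a large never-matching share is a ruleset to trim.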


packet_stats.log (7617 bytes)
Packet profile dump:

IP ver   Proto   cnt            min            max            avg            tot           %
------   -----   ----------     ------------   ------------   -----------    -----------   ---
 IPv4       1             6          3936070       92766115      33873758        203.2m    1.61
 IPv4       6           199          1907163       95397620      62405499         12.4b   98.39
Note: Protocol 256 tracks pseudo/tunnel packets.

Per Thread module stats:

Thread Module              IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---
TMM_FLOWWORKER              IPv4       1             6            70010         359078        150334        902.0k    0.95
TMM_FLOWWORKER              IPv4       6           199            76093       11252292        466284         92.8m   97.69
TMM_RECEIVEPCAPFILE         IPv4       1             6             2803          13199          4564         27.4k    0.03
TMM_RECEIVEPCAPFILE         IPv4       6           197             2535          35748          3160        622.6k    0.66
TMM_DECODEPCAPFILE          IPv4       1             6             2952          42297          9686         58.1k    0.06
TMM_DECODEPCAPFILE          IPv4       6           197             2648          12352          2941        579.5k    0.61

Flow Worker            IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------   -----
flow                    IPv4       1             6             2997          28509          9186         55.1k  0.07  
flow                    IPv4       6           197             2851          26993          3711        731.2k  0.93  
stream                  IPv4       6           199             2691         115153         11713          2.3m  2.96  
detect                  IPv4       1             6            57792         280267        125248        751.5k  0.95  
detect                  IPv4       6           199            51363       10145959        371383         73.9m  93.78 
tcp-prune               IPv4       6           199             2558         390844          5189          1.0m  1.31  
Note: stream includes app-layer for TCP

Per App layer parser stats:

App Layer              IP ver   Proto   cnt            min            max            avg            tot      %
--------------------   ------   -----   ----------     ------------   ------------   -----------    ------   -----
smb                     IPv4       6             2             3755           6597          5176         10.4k  100.00

Log Thread Module          IP ver   Proto   cnt            min            max            avg            tot           %
------------------------   ------   -----   ----------     ------------   ------------   -----------    -----------   ---

Logger/output stats:

Logger                     IP ver   Proto   cnt            min            max            avg            tot      %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ------   -----
LOGGER_ALERT_FAST           IPv4       6             3            71435       10110514       3421972         10.3m  92.42 
LOGGER_UNIFIED2             IPv4       6             3            45145         180715        101394        304.2k  2.74  
LOGGER_JSON_ALERT           IPv4       6             3            89956         346846        179338        538.0k  4.84  

Prefilter                        IP ver   Proto   cnt            min            max            avg            tot          %
--------------------             ------   -----   ----------     ------------   ------------   -----------    ---------    ---
payload                           IPv4       1             6             3842          32099         10656        63.9k  1.06  
payload                           IPv4       6           177             2614         519046         20129         3.6m  59.25 
stream                            IPv4       6           177             2535         390716         13484         2.4m  39.69 
Total                             IPv4                   360                                         16704         6.0m

General detection engine stats:

Detection phase            IP ver   Proto   cnt            min            max            avg            tot      %
------------------------   ------   -----   ----------     ------------   ------------   -----------    ------   -----
PROF_DETECT_IPONLY          IPv4       1             4            36674         117545         66070        264.3k  0.34  
PROF_DETECT_IPONLY          IPv4       6             4            37560          49156         42996        172.0k  0.22  
PROF_DETECT_RULES           IPv4       1             6             2553          32322          9675         58.0k  0.07  
PROF_DETECT_RULES           IPv4       6           199             2540       10014121        243701         48.5m  62.01 
PROF_DETECT_STATEFUL_START    IPv4       6             1            24996          24996         24996         25.0k  0.03  
PROF_DETECT_STATEFUL_CONT    IPv4       1             6             2763           3350          2937         17.6k  0.02  
PROF_DETECT_STATEFUL_CONT    IPv4       6           199             2729          90950         14071          2.8m  3.58  
PROF_DETECT_STATEFUL_UPDATE    IPv4       6           189             2549          22705          2952        558.0k  0.71  
PROF_DETECT_PREFILTER       IPv4       1             6            20062          55709         28148        168.9k  0.22  
PROF_DETECT_PREFILTER       IPv4       6           199             8309         557315         63761         12.7m  16.22 
PROF_DETECT_PF_PAYLOAD      IPv4       1             6             9164          38565         16155         96.9k  0.12  
PROF_DETECT_PF_PAYLOAD      IPv4       6           177            13409         529922         42782          7.6m  9.68  
PROF_DETECT_PF_TX           IPv4       6           189             2641          40113          3224        609.4k  0.78  
PROF_DETECT_PF_SORT1        IPv4       6           107             2757          23015          4640        496.6k  0.63  
PROF_DETECT_PF_SORT2        IPv4       1             6             2580           3854          2960         17.8k  0.02  
PROF_DETECT_PF_SORT2        IPv4       6           199             2547         392814          5623          1.1m  1.43  
PROF_DETECT_NONMPMLIST      IPv4       1             6             2636           3033          2824         16.9k  0.02  
PROF_DETECT_NONMPMLIST      IPv4       6           199             2576          17296          3052        607.4k  0.78  
PROF_DETECT_ALERT           IPv4       1             6             2538          20550          5627         33.8k  0.04  
PROF_DETECT_ALERT           IPv4       6           199             2521          39062          5115          1.0m  1.30  
PROF_DETECT_CLEANUP         IPv4       1             6             2545           4250          2981         17.9k  0.02  
PROF_DETECT_CLEANUP         IPv4       6           199             2568          21206          3281        653.0k  0.83  
PROF_DETECT_GETSGH          IPv4       1             6             2803          11433          4386         26.3k  0.03  
PROF_DETECT_GETSGH          IPv4       6           199             2540          34760          3371        671.0k  0.86  


suricata-4.0.0-etpro-all-alert-2019-05-17-T-11-18-23-05172019.1117-eternalromance-success-2008r2.pcap.txt (628 bytes)
04/17/2017-16:17:00.152564  [**] [1:2102466:9] GPL NETBIOS SMB-DS IPC$ unicode share access [**] [Classification: Generic Protocol Command Decode] [Priority: 3] {TCP} 10.99.99.8:51661 -> 172.23.33.10:445
04/17/2017-16:17:01.718216  [**] [1:2024219:1] ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.99.99.8:51661 -> 172.23.33.10:445
04/17/2017-16:17:01.736760  [**] [1:2024219:1] ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray [**] [Classification: A Network Trojan was detected] [Priority: 1] {TCP} 10.99.99.8:51661 -> 172.23.33.10:445


stats.log (2534 bytes)
------------------------------------------------------------------------------------
Date: 5/17/2019 -- 11:18:23 (uptime: 0d, 00h 00m 01s)
------------------------------------------------------------------------------------
Counter                                    | TM Name                   | Value
------------------------------------------------------------------------------------
decoder.pkts                               | Total                     | 205
decoder.bytes                              | Total                     | 32145
decoder.ipv4                               | Total                     | 203
decoder.ethernet                           | Total                     | 205
decoder.tcp                                | Total                     | 197
decoder.icmpv4                             | Total                     | 6
decoder.avg_pkt_size                       | Total                     | 156
decoder.max_pkt_size                       | Total                     | 3785
flow.tcp                                   | Total                     | 3
tcp.sessions                               | Total                     | 3
tcp.syn                                    | Total                     | 7
tcp.synack                                 | Total                     | 1
tcp.rst                                    | Total                     | 1
detect.alert                               | Total                     | 3
detect.mpm_list                            | Total                     | 14
detect.nonmpm_list                         | Total                     | 3
detect.fnonmpm_list                        | Total                     | 1
detect.match_list                          | Total                     | 15
app_layer.flow.smb                         | Total                     | 1
flow.spare                                 | Total                     | 10000
flow_mgr.flows_checked                     | Total                     | 3
flow_mgr.flows_notimeout                   | Total                     | 3
flow_mgr.rows_checked                      | Total                     | 65536
flow_mgr.rows_empty                        | Total                     | 65533
flow_mgr.rows_maxlen                       | Total                     | 1
tcp.memuse                                 | Total                     | 573440
tcp.reassembly_memuse                      | Total                     | 81920
flow.memuse                                | Total                     | 7075168


eve.json (1236 bytes)
{"timestamp":"2017-04-17T16:17:00.152564+0000","flow_id":503421345744296,"pcap_cnt":14,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-17T16:17:01.718216+0000","flow_id":503421345744296,"pcap_cnt":100,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024219,"rev":1,"signature":"ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-17T16:17:01.736760+0000","flow_id":503421345744296,"pcap_cnt":140,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024219,"rev":1,"signature":"ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
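All three alerts share one flow_id (503421345744296), i.e. one TCP session from 10.99.99.8:51661 to 172.23.33.10:445: the IPC$ share access at packet 14, then the two MS17-010 heap-spray hits about 1.57 seconds later at packets 100 and 140, all with "action":"allowed" because the sensor ran in IDS mode. That sequence on a single session is the pattern an analyst wants flagged automatically. The script below is an added example, not code from this page or from Suricata, that reads EVE JSON alert lines, groups them by flow_id and escalates a flow when an SMB share-access alert is followed on the same session by an MS17-010 exploit signature. The embedded input is the three eve.json records above, copied verbatim; which SIDs count as "share access" and which as "exploit" is the analyst's choice, so the two SID sets are assumptions for this example.

```python
# Added example: per-flow correlation of Suricata EVE JSON alerts.
# Not code from this page or from Suricata.
import json
from datetime import datetime

# Constructed sample input: the three eve.json alert records shown on this page.
SAMPLE_EVE = """
{"timestamp":"2017-04-17T16:17:00.152564+0000","flow_id":503421345744296,"pcap_cnt":14,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2102466,"rev":9,"signature":"GPL NETBIOS SMB-DS IPC$ unicode share access","category":"Generic Protocol Command Decode","severity":3},"app_proto":"smb"}
{"timestamp":"2017-04-17T16:17:01.718216+0000","flow_id":503421345744296,"pcap_cnt":100,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024219,"rev":1,"signature":"ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
{"timestamp":"2017-04-17T16:17:01.736760+0000","flow_id":503421345744296,"pcap_cnt":140,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed","gid":1,"signature_id":2024219,"rev":1,"signature":"ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}
"""

# Assumed SID classes for this example (the SIDs themselves come from the page).
SMB_SHARE_ACCESS_SIDS = {2102466}   # GPL NETBIOS SMB-DS IPC$ unicode share access
MS17_010_SIDS = {2024219}           # ET EXPLOIT Possible ETERNALROMANCE MS17-010 Heap Spray


def parse_ts(ev):
    """Suricata writes the UTC offset as +0000 (no colon); strptime's %z accepts that."""
    return datetime.strptime(ev["timestamp"], "%Y-%m-%dT%H:%M:%S.%f%z")


def load_alerts(text):
    """Parse EVE JSON lines, keeping only event_type == alert."""
    alerts = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        if ev.get("event_type") == "alert":
            alerts.append(ev)
    return alerts


def correlate_by_flow(alerts):
    """Group alerts by flow_id and decide per flow whether an SMB share access
    was followed, on the same session, by an MS17-010 exploit signature."""
    flows = {}
    for ev in alerts:
        flows.setdefault(ev["flow_id"], []).append(ev)

    verdicts = {}
    for flow_id, evs in flows.items():
        evs.sort(key=parse_ts)
        first = evs[0]
        share = next((e for e in evs if e["alert"]["signature_id"] in SMB_SHARE_ACCESS_SIDS), None)
        exploit = [e for e in evs if e["alert"]["signature_id"] in MS17_010_SIDS]
        summary = {
            "src": "%s:%d" % (first["src_ip"], first["src_port"]),
            "dst": "%s:%d" % (first["dest_ip"], first["dest_port"]),
            "alerts": len(evs),
            # Suricata priority 1 is the most severe, so the worst alert is the minimum.
            "worst_severity": min(e["alert"]["severity"] for e in evs),
            "exploit_pkts": [e["pcap_cnt"] for e in exploit],
            # "allowed" means the sensor only observed; anything else means it acted.
            "blocked": any(e["alert"]["action"] != "allowed" for e in evs),
            "share_to_exploit_s": None,
            "verdict": "informational",
        }
        if exploit and share and parse_ts(share) <= parse_ts(exploit[0]):
            delta = parse_ts(exploit[0]) - parse_ts(share)
            summary["share_to_exploit_s"] = round(delta.total_seconds(), 6)
            summary["verdict"] = "probable MS17-010 exploitation attempt"
        elif exploit:
            summary["verdict"] = "MS17-010 signature without preceding share-access alert"
        verdicts[flow_id] = summary
    return verdicts


def triage(text):
    return correlate_by_flow(load_alerts(text))


if __name__ == "__main__":
    for flow_id, summary in triage(SAMPLE_EVE).items():
        print(flow_id, summary)
```

The exploit-only branch is kept separate on purpose: a heap-spray signature with no share-access context on the flow still deserves escalation, but an analyst will want to know the tree-connect was missed (out-of-order capture, a rule disabled) rather than have the two cases reported identically.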


keyword_perf.log (6340 bytes)
  --------------------------------------------------------------------------------------------------------------------------------
  Date: 5/17/2019 -- 11:18:23
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: total
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            8020            1               1               8020            8020.00         8020.00         0.00           
  flow             171342          56              56              10029           3059.00         3059.00         0.00           
  threshold        235256          52              2               24101           4524.00         3021.00         4584.00        
  content          5839581         1608            1168            421555          3631.00         3659.00         3557.00        
  pcre             212589          38              0               23672           5594.00         0.00            5594.00        
  byte_test        1156814         395             157             16759           2928.00         2927.00         2929.00        
  byte_jump        314812          110             105             4352            2861.00         2862.00         2847.00        
  isdataat         23884           8               8               3638            2985.00         2985.00         0.00           
  flowbits         10932           3               3               5555            3644.00         3644.00         0.00           
  byte_extract     8566            2               2               4312            4283.00         4283.00         0.00           
  dce_iface        272263          94              0               9401            2896.00         0.00            2896.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flags            8020            1               1               8020            8020.00         8020.00         0.00           
  flow             171342          56              56              10029           3059.00         3059.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: packet/stream payload
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  content          5839581         1608            1168            421555          3631.00         3659.00         3557.00        
  pcre             212589          38              0               23672           5594.00         0.00            5594.00        
  byte_test        1156814         395             157             16759           2928.00         2927.00         2929.00        
  byte_jump        314812          110             105             4352            2861.00         2862.00         2847.00        
  isdataat         23884           8               8               3638            2985.00         2985.00         0.00           
  byte_extract     8566            2               2               4312            4283.00         4283.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: post-match
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  flowbits         10932           3               3               5555            3644.00         3644.00         0.00           
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: threshold
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  threshold        235256          52              2               24101           4524.00         3021.00         4584.00        
  --------------------------------------------------------------------------------------------------------------------------------
  Stats for: dce_generic
  --------------------------------------------------------------------------------------------------------------------------------
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match   
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- --------------- 
  dce_iface        272263          94              0               9401            2896.00         0.00            2896.00        
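The keyword_perf.log table above is Suricata's per-keyword profiling output for this one pcap, and the EVE record at the top of this section is the single alert the run produced. What a detection engineer wants from both is the same question answered quickly: which keywords burned the ticks, which were checked repeatedly without ever matching, and what the alert actually says about source, destination and rule. The Python below is an added example and is not part of Suricata or of the IDSDeathBlossom harness that produced this page; it parses both formats. The keyword_perf sample is a constructed excerpt that copies rows from the "total" and "packet" sections above, the EVE sample is the alert line from this page, and the function names and the `min_checks` threshold are assumptions of this example.

```python
"""Parse Suricata keyword_perf.log and EVE alert records (added example, not Suricata code)."""
import json
import re
from typing import Dict, List

# Constructed excerpt in the layout of Suricata 4.0 keyword_perf.log; the row values
# are copied from the page's "total" and "packet" sections.
SAMPLE_KEYWORD_PERF = """\
  Date: 5/17/2019 -- 11:18:23
  Stats for: total
  Keyword          Ticks           Checks          Matches         Max Ticks       Avg             Avg Match       Avg No Match
  ---------------- --------------- --------------- --------------- --------------- --------------- --------------- ---------------
  flags            8020            1               1               8020            8020.00         8020.00         0.00
  content          5839581         1608            1168            421555          3631.00         3659.00         3557.00
  pcre             212589          38              0               23672           5594.00         0.00            5594.00
  dce_iface        272263          94              0               9401            2896.00         0.00            2896.00
  Stats for: packet
  flags            8020            1               1               8020            8020.00         8020.00         0.00
"""

# The one EVE alert record from this page (eve.json is one JSON object per line).
SAMPLE_EVE = (
    '{"timestamp":"2017-04-17T16:17:01.736760+0000","flow_id":503421345744296,'
    '"pcap_cnt":140,"event_type":"alert","src_ip":"10.99.99.8","src_port":51661,'
    '"dest_ip":"172.23.33.10","dest_port":445,"proto":"TCP","alert":{"action":"allowed",'
    '"gid":1,"signature_id":2024219,"rev":1,"signature":"ET EXPLOIT Possible ETERNALROMANCE '
    'MS17-010 Heap Spray","category":"A Network Trojan was detected","severity":1},"app_proto":"smb"}'
)

SECTION_RE = re.compile(r"^\s*Stats for:\s*(.+?)\s*$")
# A data row is a keyword followed by four integer and three float columns; the header,
# the dashed rule and the Date line never fit this shape, so no special-casing is needed.
ROW_RE = re.compile(
    r"^\s*(?P<keyword>\S+)\s+(?P<ticks>\d+)\s+(?P<checks>\d+)\s+(?P<matches>\d+)\s+"
    r"(?P<max_ticks>\d+)\s+(?P<avg>[\d.]+)\s+(?P<avg_match>[\d.]+)\s+(?P<avg_nomatch>[\d.]+)\s*$"
)


def parse_keyword_perf(text: str) -> Dict[str, List[dict]]:
    """Return {section name: [row dict, ...]} with numeric fields converted."""
    sections: Dict[str, List[dict]] = {}
    current = None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        m = ROW_RE.match(line)
        if m and current is not None:
            row = m.groupdict()
            for k in ("ticks", "checks", "matches", "max_ticks"):
                row[k] = int(row[k])
            for k in ("avg", "avg_match", "avg_nomatch"):
                row[k] = float(row[k])
            sections[current].append(row)
    return sections


def rank_keywords(rows: List[dict]) -> List[dict]:
    """Rank rows by share of the section's total ticks and annotate the match rate (matches/checks)."""
    total = sum(r["ticks"] for r in rows) or 1
    ranked = [
        {
            "keyword": r["keyword"],
            "tick_share": round(r["ticks"] / total, 4),
            "match_rate": round(r["matches"] / r["checks"], 4) if r["checks"] else 0.0,
            "max_ticks": r["max_ticks"],
        }
        for r in rows
    ]
    ranked.sort(key=lambda x: x["tick_share"], reverse=True)
    return ranked


def never_matching(rows: List[dict], min_checks: int = 10) -> List[str]:
    """Keywords checked at least min_checks times that never matched on this pcap (cost with no payoff)."""
    return [r["keyword"] for r in rows if r["checks"] >= min_checks and r["matches"] == 0]


def parse_eve_alerts(lines) -> List[dict]:
    """Reduce EVE alert records to triage fields; blank, malformed and non-alert lines are skipped."""
    out = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue
        if rec.get("event_type") != "alert":
            continue
        a = rec.get("alert", {})
        out.append({
            "sid": a.get("signature_id"),
            "rev": a.get("rev"),
            "signature": a.get("signature"),
            "severity": a.get("severity"),
            "src": f'{rec.get("src_ip")}:{rec.get("src_port")}',
            "dst": f'{rec.get("dest_ip")}:{rec.get("dest_port")}',
            "app_proto": rec.get("app_proto"),
            "pcap_cnt": rec.get("pcap_cnt"),
        })
    return out


if __name__ == "__main__":
    perf = parse_keyword_perf(SAMPLE_KEYWORD_PERF)
    for entry in rank_keywords(perf["total"]):
        print(entry)
    print("checked but never matched:", never_matching(perf["total"]))
    for alert in parse_eve_alerts(SAMPLE_EVE.splitlines()):
        print(alert)
```

Run against the real files, `rank_keywords(perf["total"])` puts `content` first at over 90 % of the ticks, and `never_matching` returns `pcre` and `dce_iface`: both were evaluated dozens of times on this capture without a single match, which is the usual starting point for deciding whether a rule's `pcre` needs a tighter fast-pattern `content` in front of it. Reading the EVE record the same way gives the triage tuple directly (sid 2024219 rev 1, 10.99.99.8:51661 to 172.23.33.10:445 over SMB, packet 140 of the pcap), which is what gets cross-referenced with the unified2 record and the pcap.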


suricata-report-2019-05-17-T-11-18-23-05172019.1117-eternalromance-success-2008r2.pcap.txt - (17692 bytes) - download
lastcmd:ulimit -c unlimited; /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dc828b1dbbe33388e39d8fa0b169ad5f56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05172019.1117-eternalromance-success-2008r2.pcap -vvv -k none
elapsedtime:25.083554
stderr:
stdout:
17/5/2019 -- 11:17:58 - <Info> - Configuration node 'rule-files' redefined.
17/5/2019 -- 11:17:58 - <Notice> - This is Suricata version 4.0.0 RELEASE
17/5/2019 -- 11:17:58 - <Info> - CPUs/cores online: 1
17/5/2019 -- 11:17:58 - <Config> - 'default' server has 'request-body-minimal-inspect-size' set to 31360 and 'request-body-inspect-window' set to 15988 after randomization.
17/5/2019 -- 11:17:58 - <Config> - 'default' server has 'response-body-minimal-inspect-size' set to 31884 and 'response-body-inspect-window' set to 17019 after randomization.
17/5/2019 -- 11:17:58 - <Config> - DNS request flood protection level: 500
17/5/2019 -- 11:17:58 - <Config> - DNS per flow memcap (state-memcap): 524288
17/5/2019 -- 11:17:58 - <Config> - DNS global memcap: 16777216
17/5/2019 -- 11:17:58 - <Config> - allocated 262144 bytes of memory for the host hash... 4096 buckets of size 64
17/5/2019 -- 11:17:58 - <Config> - preallocated 1000 hosts of size 136
17/5/2019 -- 11:17:58 - <Config> - host memory usage: 398144 bytes, maximum: 16777216
17/5/2019 -- 11:17:58 - <Config> - using magic-file /usr/share/file/magic
17/5/2019 -- 11:17:58 - <Config> - Core dump size is unlimited.
17/5/2019 -- 11:17:58 - <Config> - allocated 3670016 bytes of memory for the defrag hash... 65536 buckets of size 56
17/5/2019 -- 11:17:58 - <Config> - preallocated 1000 defrag trackers of size 168
17/5/2019 -- 11:17:58 - <Config> - defrag memory usage: 3838016 bytes, maximum: 33554432
17/5/2019 -- 11:17:58 - <Config> - stream "prealloc-sessions": 2048 (per thread)
17/5/2019 -- 11:17:58 - <Config> - stream "memcap": 33554432
17/5/2019 -- 11:17:58 - <Config> - stream "midstream" session pickups: disabled
17/5/2019 -- 11:17:58 - <Config> - stream "async-oneside": disabled
17/5/2019 -- 11:17:58 - <Config> - stream "checksum-validation": disabled
17/5/2019 -- 11:17:58 - <Config> - stream."inline": disabled
17/5/2019 -- 11:17:58 - <Config> - stream "bypass": disabled
17/5/2019 -- 11:17:58 - <Config> - stream "max-synack-queued": 5
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "memcap": 134217728
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "depth": 0
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "toserver-chunk-size": 2531
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "toclient-chunk-size": 2660
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly.raw: enabled
17/5/2019 -- 11:17:58 - <Config> - stream.reassembly "segment-prealloc": 2048
17/5/2019 -- 11:17:58 - <Config> - Delayed detect disabled
17/5/2019 -- 11:17:58 - <Config> - pattern matchers: MPM: ac, SPM: bm
17/5/2019 -- 11:17:58 - <Config> - grouping: tcp-whitelist (default) 53, 80, 139, 443, 445, 1433, 3306, 3389, 6666, 6667, 8080
17/5/2019 -- 11:17:58 - <Config> - grouping: udp-whitelist (default) 53, 135, 5060
17/5/2019 -- 11:17:58 - <Config> - prefilter engines: MPM
17/5/2019 -- 11:17:58 - <Config> - IP reputation disabled
17/5/2019 -- 11:17:58 - <Perf> - Registered 148 keyword profiling counters.
17/5/2019 -- 11:17:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ftp.rules
17/5/2019 -- 11:17:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-policy.rules
17/5/2019 -- 11:17:58 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-trojan.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-games.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-pop3.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-user_agents.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-activex.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-rpc.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-attack_response.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp.rules
17/5/2019 -- 11:18:03 - <Config> - No rules loaded from ET-icmp.rules.
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-scan.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-voip.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-chat.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-icmp_info.rules
17/5/2019 -- 11:18:03 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-info.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-shellcode.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_client.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-imap.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_server.rules
17/5/2019 -- 11:18:04 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-current_events.rules
17/5/2019 -- 11:18:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-inappropriate.rules
17/5/2019 -- 11:18:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-smtp.rules
17/5/2019 -- 11:18:07 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-web_specific_apps.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-deleted.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-malware.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-snmp.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-worm.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dns.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-misc.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-sql.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dos.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-netbios.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-telnet.rules
17/5/2019 -- 11:18:09 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-exploit.rules
17/5/2019 -- 11:18:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-p2p.rules
17/5/2019 -- 11:18:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tftp.rules
17/5/2019 -- 11:18:10 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-mobile_malware.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-botcc.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-compromised.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-drop.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-dshield.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-tor.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/ET-ciarmy.rules
17/5/2019 -- 11:18:11 - <Config> - Loading rule file: /opt/suricata400/etc/etpro/local.rules
17/5/2019 -- 11:18:11 - <Config> - No rules loaded from local.rules.
17/5/2019 -- 11:18:11 - <Info> - 44 rule files processed. 39585 rules successfully loaded, 0 rules failed
17/5/2019 -- 11:18:11 - <Info> - Threshold config parsed: 0 rule(s) found
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tcp-packet
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tcp-stream
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for udp-packet
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for other-ip
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_uri
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_request_line
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_client_body
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_response_line
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_header
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_header
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_header_names
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_header_names
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_accept
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_accept_enc
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_accept_lang
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_referer
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_connection
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_content_len
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_content_len
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_content_type
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_content_type
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_protocol
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_protocol
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_start
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_start
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_raw_header
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_raw_header
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_method
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_cookie
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_cookie
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_raw_uri
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_user_agent
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_host
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_raw_host
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_stat_msg
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_stat_code
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for dns_query
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tls_sni
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tls_cert_issuer
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tls_cert_subject
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for tls_cert_serial
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for dce_stub_data
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for dce_stub_data
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for ssh_protocol
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for ssh_protocol
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for ssh_software
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for ssh_software
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for file_data
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for file_data
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_request_line
17/5/2019 -- 11:18:12 - <Perf> - using shared mpm ctx' for http_response_line
17/5/2019 -- 11:18:12 - <Info> - 39590 signatures processed. 1175 are IP-only rules, 15422 are inspecting packet payload, 27448 inspect application layer, 0 are decoder event only
17/5/2019 -- 11:18:12 - <Config> - building signature grouping structure, stage 1: preprocessing rules... complete
17/5/2019 -- 11:18:12 - <Perf> - TCP toserver: 41 port groups, 37 unique SGH's, 4 copies
17/5/2019 -- 11:18:12 - <Perf> - TCP toclient: 21 port groups, 20 unique SGH's, 1 copies
17/5/2019 -- 11:18:12 - <Perf> - UDP toserver: 41 port groups, 27 unique SGH's, 14 copies
17/5/2019 -- 11:18:12 - <Perf> - UDP toclient: 21 port groups, 17 unique SGH's, 4 copies
17/5/2019 -- 11:18:12 - <Perf> - OTHER toserver: 254 proto groups, 3 unique SGH's, 251 copies
17/5/2019 -- 11:18:12 - <Perf> - OTHER toclient: 254 proto groups, 0 unique SGH's, 254 copies
17/5/2019 -- 11:18:20 - <Perf> - Unique rule groups: 104
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toserver TCP packet": 35
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toclient TCP packet": 17
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toserver TCP stream": 33
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toclient TCP stream": 19
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toserver UDP packet": 27
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "toclient UDP packet": 17
17/5/2019 -- 11:18:20 - <Perf> - Builtin MPM "other IP packet": 3
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_uri": 14
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_request_line": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_client_body": 6
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_response_line": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_header": 10
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_header": 6
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_header_names": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_accept": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_referer": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_content_len": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_content_type": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_content_type": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_protocol": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_start": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_raw_header": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_raw_header": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_method": 5
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_cookie": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_cookie": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_raw_uri": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_user_agent": 6
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver http_host": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient http_stat_code": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver dns_query": 4
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver tls_sni": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient tls_cert_issuer": 2
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient tls_cert_subject": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient tls_cert_serial": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver ssh_protocol": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toserver file_data": 1
17/5/2019 -- 11:18:20 - <Perf> - AppLayer MPM "toclient file_data": 7
17/5/2019 -- 11:18:22 - <Perf> - Registered 39590 rule profiling counters.
17/5/2019 -- 11:18:22 - <Info> - fast output device (regular) initialized: alert
17/5/2019 -- 11:18:22 - <Info> - eve-log output device (regular) initialized: eve.json
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'alert'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'http'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'dns'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'tls'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'files'
17/5/2019 -- 11:18:22 - <Config> - enabling 'eve-log' module 'ssh'
17/5/2019 -- 11:18:22 - <Info> - Unified2-alert initialized: filename unified2.alert, limit 32 MB
17/5/2019 -- 11:18:22 - <Info> - stats output device (regular) initialized: stats.log
17/5/2019 -- 11:18:22 - <Config> - AutoFP mode using "Hash" flow load balancer
17/5/2019 -- 11:18:22 - <Info> - reading pcap file /var/pcap/05172019.1117-eternalromance-success-2008r2.pcap
17/5/2019 -- 11:18:22 - <Config> - using 1 flow man

This file has been truncated.


IDSDeathBlossom.py.log - (1169 bytes) - download
2019-05-17 11:17:57,461 - INFO - __init__ - /opt/IDSDeathBlossom/IDSDeathBlossom.py +38 - DBType: MYSQL
2019-05-17 11:17:58,220 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +247 - Runmode set to run
2019-05-17 11:17:58,220 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +248 - Targets set to suricata-4.0.0-etpro-all
2019-05-17 11:17:58,221 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +320 - looping 1 times in runmode run
2019-05-17 11:17:58,221 - INFO - run - /opt/IDSDeathBlossom/IDSDeathBlossom.py +330 - run with success 0 out of 1
2019-05-17 11:17:58,221 - INFO - execute - /opt/IDSDeathBlossom/IDSDeathBlossom.py +207 - Executing: /opt/suricata400/bin/suricata -c /opt/suricata400/etc/etpro/suricata400-etpro-all.yaml -l /var/www/html/dc828b1dbbe33388e39d8fa0b169ad5f56b33745cb75ec8c950e11a498e082d2 -r /var/pcap/05172019.1117-eternalromance-success-2008r2.pcap -vvv -k none
2019-05-17 11:18:23,307 - INFO - run_ids - /opt/IDSDeathBlossom/IDSDeathBlossom.py +244 - suricata ran successfully
2019-05-17 11:18:23,308 - INFO - <module> - /opt/IDSDeathBlossom/IDSDeathBlossom.py +275 - Total time for the idstool 25.8558249474