-
Notifications
You must be signed in to change notification settings - Fork 28
/
fix_bug_without_int.json
91 lines (91 loc) · 2.65 KB
/
fix_bug_without_int.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
{
"input": {
"message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domainusername,destuser,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,0x1c,tcp,allow,2346,1974,372,9,2023/06/16 10:41:26,16,not-resolved,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,"
},
"expected": {
"message": "1,2023/06/16 10:41:44,001701003551,TRAFFIC,end,2305,2023/06/16 10:41:44,1.2.3.4,5.6.7.8,0.0.0.0,0.0.0.0,GEN_WINLOG_Users,domainusername,destuser,windows-remote-management,vsys1,PDT_STD,INFRA_ADM,aaa.111,aaa.111,Syslog_Test,2023/06/16 10:41:44,234981,1,51413,5985,0,0,0x1c,tcp,allow,2346,1974,372,9,2023/06/16 10:41:26,16,not-resolved,0,69678105127,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,6,3,tcp-fin,0,0,0,0,,FWPA01,from-policy,,,0,,0,,N/A,0,0,0,0,5e7eca5b-f585-4633-bbd4-9ed431f7f95b,0,0,,,,,,,",
"event": {
"action": "allow",
"category": [
"network"
],
"dataset": "traffic",
"duration": 16,
"outcome": "success",
"type": [
"end"
]
},
"@timestamp": "2023-06-16T10:41:44Z",
"action": {
"name": "allow",
"outcome": "success",
"type": "end"
},
"destination": {
"address": "5.6.7.8",
"bytes": 372,
"ip": "5.6.7.8",
"nat": {
"ip": "0.0.0.0",
"port": 0
},
"packets": 3,
"port": 5985,
"user": {
"name": "destuser"
}
},
"log": {
"hostname": "FWPA01",
"logger": "traffic"
},
"network": {
"application": "windows-remote-management",
"bytes": 2346,
"packets": 9,
"transport": "tcp"
},
"observer": {
"name": "FWPA01",
"product": "PAN-OS",
"serial_number": "001701003551"
},
"paloalto": {
"Threat_ContentType": "end",
"VirtualLocation": "vsys1"
},
"related": {
"ip": [
"0.0.0.0",
"1.2.3.4",
"5.6.7.8"
],
"user": [
"destuser",
"domainusername"
]
},
"rule": {
"name": "GEN_WINLOG_Users",
"uuid": "5e7eca5b-f585-4633-bbd4-9ed431f7f95b"
},
"source": {
"address": "1.2.3.4",
"bytes": 1974,
"ip": "1.2.3.4",
"nat": {
"ip": "0.0.0.0",
"port": 0
},
"packets": 6,
"port": 51413,
"user": {
"name": "domainusername"
}
},
"user": {
"name": "domainusername"
}
}
}