tcp_allow_csv.json
{
"input": {
"message": "<14>Sep 16 10:00:02 PA-1 1,9/16/19 10:00,1801016000,TRAFFIC,start,2049,9/16/19 10:00,1.2.3.4,4.3.2.1,0.0.0.0,0.0.0.0,proxy1,,,web-browsing,vsys1234,v10213,zone1,a.1,b.2,Secure,9/16/19 10:00,60000,1,61000,80,0,0,0x0,tcp,allow,800,700,70,2,9/16/19 10:00,0,any,0,50660381839,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,2,1,n/a,0,0,0,0,,PP,from-policy,,,0,,0,,N/A,0,0,0,0"
},
"expected": {
"message": "<14>Sep 16 10:00:02 PA-1 1,9/16/19 10:00,1801016000,TRAFFIC,start,2049,9/16/19 10:00,1.2.3.4,4.3.2.1,0.0.0.0,0.0.0.0,proxy1,,,web-browsing,vsys1234,v10213,zone1,a.1,b.2,Secure,9/16/19 10:00,60000,1,61000,80,0,0,0x0,tcp,allow,800,700,70,2,9/16/19 10:00,0,any,0,50660381839,0x0,10.0.0.0-10.255.255.255,10.0.0.0-10.255.255.255,0,2,1,n/a,0,0,0,0,,PP,from-policy,,,0,,0,,N/A,0,0,0,0",
"event": {
"action": "allow",
"category": [
"network"
],
"dataset": "traffic",
"duration": 0,
"outcome": "success",
"type": [
"start"
]
},
"@timestamp": "2019-09-16T10:00:00Z",
"action": {
"name": "allow",
"outcome": "success",
"type": "start"
},
"destination": {
"address": "4.3.2.1",
"bytes": 70,
"ip": "4.3.2.1",
"nat": {
"ip": "0.0.0.0",
"port": 0
},
"packets": 1,
"port": 80
},
"log": {
"hostname": "PP",
"logger": "traffic"
},
"network": {
"application": "web-browsing",
"bytes": 800,
"packets": 2,
"transport": "tcp"
},
"observer": {
"name": "PP",
"product": "PAN-OS",
"serial_number": "1801016000"
},
"paloalto": {
"Threat_ContentType": "start",
"VirtualLocation": "vsys1234"
},
"related": {
"ip": [
"0.0.0.0",
"1.2.3.4",
"4.3.2.1"
]
},
"rule": {
"name": "proxy1"
},
"source": {
"address": "1.2.3.4",
"bytes": 700,
"ip": "1.2.3.4",
"nat": {
"ip": "0.0.0.0",
"port": 0
},
"packets": 2,
"port": 61000
}
}
}