udp_deny_csv.json
{
"input": {
"message": "<14>Sep 16 10:00:00 PA 1,9/16/19 10:00,1801017000,TRAFFIC,deny,2049,9/16/19 10:00,10.0.0.2,1.2.3.4,5.4.4.3,5.4.3.2,DENYALL,,,protection,vsys1,DNS,AAAAA,ae2.503,ethernet1/1,Secure,9/16/19 10:00,11111,1,130000,53,6379,53,0x400000,udp,reset-both,284,284,0,1,9/16/19 10:00,0,any,0,50660381851,0x0,10.0.0.0-10.255.255.255,Spain,0,1,0,policy-deny,0,0,0,0,,PA-1,from-application,,,0,,0,,N/A,0,0,0,0"
},
"expected": {
"message": "<14>Sep 16 10:00:00 PA 1,9/16/19 10:00,1801017000,TRAFFIC,deny,2049,9/16/19 10:00,10.0.0.2,1.2.3.4,5.4.4.3,5.4.3.2,DENYALL,,,protection,vsys1,DNS,AAAAA,ae2.503,ethernet1/1,Secure,9/16/19 10:00,11111,1,130000,53,6379,53,0x400000,udp,reset-both,284,284,0,1,9/16/19 10:00,0,any,0,50660381851,0x0,10.0.0.0-10.255.255.255,Spain,0,1,0,policy-deny,0,0,0,0,,PA-1,from-application,,,0,,0,,N/A,0,0,0,0",
"event": {
"action": "reset-both",
"category": [
"network"
],
"dataset": "traffic",
"duration": 0,
"outcome": "success",
"type": [
"denied"
]
},
"@timestamp": "2019-09-16T10:00:00Z",
"action": {
"name": "reset-both",
"outcome": "success",
"type": "deny"
},
"destination": {
"address": "1.2.3.4",
"bytes": 0,
"ip": "1.2.3.4",
"nat": {
"ip": "5.4.3.2",
"port": 53
},
"packets": 0,
"port": 53
},
"log": {
"hostname": "PA-1",
"logger": "traffic"
},
"network": {
"application": "protection",
"bytes": 284,
"packets": 1,
"transport": "udp"
},
"observer": {
"name": "PA-1",
"product": "PAN-OS",
"serial_number": "1801017000"
},
"paloalto": {
"Threat_ContentType": "deny",
"VirtualLocation": "vsys1"
},
"related": {
"ip": [
"1.2.3.4",
"10.0.0.2",
"5.4.3.2",
"5.4.4.3"
]
},
"rule": {
"name": "DENYALL"
},
"source": {
"address": "10.0.0.2",
"bytes": 284,
"ip": "10.0.0.2",
"nat": {
"ip": "5.4.4.3",
"port": 6379
},
"packets": 1,
"port": 130000
}
}
}