Add further enhancements to Radiflow solution content
Родитель
9f0afba1c9
Коммит
571a104981
Различия файлов скрыты, потому что одна или несколько строк слишком длинны
После Ширина: | Высота: | Размер: 313 KiB |
|
@ -0,0 +1,37 @@
|
|||
TimeGenerated [UTC],DeviceVendor,DeviceProduct,DeviceVersion,EventClassID,EventMessage,EventSeverity,DestinationHostName,DestinationMACAddress,DestinationIP,Protocol,SourceHostName,SourceMACAddress,SourceIP,EventType,EventCategory,EventServer,EventCollectorHostName,SchemaVersion,EventID,Port,SourceVendor,DestinationVendor,SourceType,DestinationType,SourceVLAN,EventTime [UTC]
|
||||
"5/18/2024, 4:02:00.625 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,B8:27:EB:11:DE:24,172.16.8.17,Modbus,,00:30:DE:40:D0:8D#012,172.16.2.41,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,220,502,WAGO Kontakttechnik GmbH,Raspberry Pi Foundation,Server,Server,1,"5/18/2024, 4:02:00.625 PM"
|
||||
"5/18/2024, 4:02:00.641 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:8D,172.16.2.41,Modbus,,B8:27:EB:11:DE:24#012,172.16.8.17,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,221,502,Raspberry Pi Foundation,WAGO Kontakttechnik GmbH,Server,Server,1,"5/18/2024, 4:02:00.641 PM"
|
||||
"5/18/2024, 4:02:00.651 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,B8:27:EB:94:FF:4A,172.16.8.14,Modbus,,00:30:DE:40:D0:8D#012,172.16.2.41,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,222,502,WAGO Kontakttechnik GmbH,Raspberry Pi Foundation,Server,Server,1,"5/18/2024, 4:02:00.651 PM"
|
||||
"5/18/2024, 4:02:00.665 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:8D,172.16.2.41,Modbus,,B8:27:EB:94:FF:4A#012,172.16.8.14,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,223,502,Raspberry Pi Foundation,WAGO Kontakttechnik GmbH,Server,Server,1,"5/18/2024, 4:02:00.665 PM"
|
||||
"5/18/2024, 4:02:00.675 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:DB,172.16.1.41,S7/S7Plus/61850-MMS,,00:30:DE:40:D0:E0#012,172.16.4.41,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,224,102,WAGO Kontakttechnik GmbH,WAGO Kontakttechnik GmbH,Server,Server,1,"5/18/2024, 4:02:00.675 PM"
|
||||
"5/18/2024, 4:02:00.686 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,B8:27:EB:F1:57:B5,172.16.8.11,Modbus,,00:30:DE:40:D0:DB#012,172.16.1.41,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,225,502,WAGO Kontakttechnik GmbH,Raspberry Pi Foundation,Server,Server,1,"5/18/2024, 4:02:00.686 PM"
|
||||
"5/18/2024, 4:02:00.701 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:DB,172.16.1.41,Modbus,,B8:27:EB:F1:57:B5#012,172.16.8.11,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,226,502,Raspberry Pi Foundation,WAGO Kontakttechnik GmbH,Server,Server,1,"5/18/2024, 4:02:00.701 PM"
|
||||
"5/18/2024, 4:02:00.715 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:DB,172.16.1.41,Modbus,,B8:27:EB:9B:0B:D2#012,172.16.8.12,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,227,502,Raspberry Pi Foundation,WAGO Kontakttechnik GmbH,Server,Server,1,"5/18/2024, 4:02:00.715 PM"
|
||||
"5/18/2024, 4:02:00.725 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:E4,172.16.5.41,S7/S7Plus/61850-MMS,,EC:74:BA:27:3B:1C#012,172.18.5.60,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,228,102,Hirschmann Automation and Control GmbH,WAGO Kontakttechnik GmbH,Server,Server,None,"5/18/2024, 4:02:00.725 PM"
|
||||
"5/18/2024, 4:02:00.736 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,B8:27:EB:9B:0B:D2,172.16.8.12,Modbus,,00:30:DE:40:D0:DB#012,172.16.1.41,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,229,502,WAGO Kontakttechnik GmbH,Raspberry Pi Foundation,Server,Server,1,"5/18/2024, 4:02:00.736 PM"
|
||||
"5/18/2024, 4:02:00.747 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,B8:27:EB:2B:87:1C,172.16.8.18,Modbus,,00:30:DE:40:D0:E0#012,172.16.4.41,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,230,502,WAGO Kontakttechnik GmbH,Raspberry Pi Foundation,Server,Server,1,"5/18/2024, 4:02:00.747 PM"
|
||||
"5/18/2024, 4:02:00.758 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:E0,172.16.4.41,Modbus,,B8:27:EB:2B:87:1C#012,172.16.8.18,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,231,502,Raspberry Pi Foundation,WAGO Kontakttechnik GmbH,Server,Server,1,"5/18/2024, 4:02:00.758 PM"
|
||||
"5/18/2024, 4:02:00.770 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,B8:27:EB:1E:29:37,172.16.8.19,Modbus,,00:30:DE:40:D0:E0#012,172.16.4.41,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,232,502,WAGO Kontakttechnik GmbH,Raspberry Pi Foundation,Server,Server,1,"5/18/2024, 4:02:00.770 PM"
|
||||
"5/18/2024, 4:02:00.780 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:E0,172.16.4.41,Modbus,,B8:27:EB:1E:29:37#012,172.16.8.19,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,233,502,Raspberry Pi Foundation,WAGO Kontakttechnik GmbH,Server,Server,1,"5/18/2024, 4:02:00.780 PM"
|
||||
"5/18/2024, 4:02:04.823 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:80:F4:0E:10:FC,192.168.1.85,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,251,,TELEMECANIQUE ELECTRIQUE,,Server,,None,"5/18/2024, 4:02:04.823 PM"
|
||||
"5/18/2024, 4:02:04.838 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:30:DE:40:D0:E0,172.16.4.41,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,256,,WAGO Kontakttechnik GmbH,,Server,,1,"5/18/2024, 4:02:04.838 PM"
|
||||
"5/18/2024, 4:02:04.852 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,EC:74:BA:27:3B:1C,172.18.5.60,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,257,,Hirschmann Automation and Control GmbH,,Server,,None,"5/18/2024, 4:02:04.852 PM"
|
||||
"5/18/2024, 4:02:04.862 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:30:DE:40:D0:8D,172.16.2.41,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,258,,WAGO Kontakttechnik GmbH,,Server,,1,"5/18/2024, 4:02:04.862 PM"
|
||||
"5/18/2024, 4:02:04.883 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,B8:27:EB:11:DE:24,172.16.8.17,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,259,,Raspberry Pi Foundation,,Server,,1,"5/18/2024, 4:02:04.883 PM"
|
||||
"5/18/2024, 4:02:04.895 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,B8:27:EB:94:FF:4A,172.16.8.14,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,260,,Raspberry Pi Foundation,,Server,,1,"5/18/2024, 4:02:04.895 PM"
|
||||
"5/18/2024, 4:02:04.905 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:30:DE:40:D0:DB,172.16.1.41,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,261,,WAGO Kontakttechnik GmbH,,Server,,1,"5/18/2024, 4:02:04.905 PM"
|
||||
"5/18/2024, 4:02:04.935 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,B8:27:EB:F1:57:B5,172.16.8.11,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,262,,Raspberry Pi Foundation,,Server,,1,"5/18/2024, 4:02:04.935 PM"
|
||||
"5/18/2024, 4:02:04.946 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,B8:27:EB:9B:0B:D2,172.16.8.12,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,263,,Raspberry Pi Foundation,,Server,,1,"5/18/2024, 4:02:04.946 PM"
|
||||
"5/18/2024, 4:02:04.967 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:30:DE:40:D0:E4,172.16.5.41,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,264,,WAGO Kontakttechnik GmbH,,Server,,1,"5/18/2024, 4:02:04.967 PM"
|
||||
"5/18/2024, 4:02:04.977 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,B8:27:EB:2B:87:1C,172.16.8.18,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,265,,Raspberry Pi Foundation,,Server,,1,"5/18/2024, 4:02:04.977 PM"
|
||||
"5/18/2024, 4:02:04.995 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,B8:27:EB:1E:29:37,172.16.8.19,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,266,,Raspberry Pi Foundation,,Server,,1,"5/18/2024, 4:02:04.995 PM"
|
||||
"5/18/2024, 4:02:05.010 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:05:21:02:0E:BF,192.168.1.43,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,267,,Control Microsystems,,Server,,None,"5/18/2024, 4:02:05.010 PM"
|
||||
"5/18/2024, 4:02:05.029 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:0C:29:15:A5:76,192.168.1.67,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,268,,"VMware, Inc.",,Server,,None,"5/18/2024, 4:02:05.029 PM"
|
||||
"5/18/2024, 4:02:05.040 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:05:21:02:15:B6,192.168.1.33,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,269,,Control Microsystems,,Server,,3,"5/18/2024, 4:02:05.040 PM"
|
||||
"5/18/2024, 4:02:05.054 PM",radiflow,isid,7.0.2.28,1,New device detected,Medium,,,,,,00:30:DE:40:D0:E2,172.16.3.41,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,270,,WAGO Kontakttechnik GmbH,,Server,,None,"5/18/2024, 4:02:05.054 PM"
|
||||
"5/18/2024, 4:02:05.067 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,5C:88:16:F2:89:6D,192.168.1.63,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,271,,Rockwell Automation,,Server,,None,"5/18/2024, 4:02:05.067 PM"
|
||||
"5/18/2024, 4:02:05.083 PM",radiflow,isid,7.0.2.28,3,New MAC detected,Medium,,,,,,00:30:DE:40:D0:E2,172.16.3.41,0,'Device',radiflow-labs-isid,radiflow-labs-syslog,1,272,,WAGO Kontakttechnik GmbH,,Server,,None,"5/18/2024, 4:02:05.083 PM"
|
||||
"5/18/2024, 4:02:05.094 PM",radiflow,isid,7.0.2.28,2,New Link Detected,Medium,,00:30:DE:40:D0:E2,172.16.3.41,S7/S7Plus/61850-MMS,,EC:74:BA:27:3B:1C#012,172.18.5.60,0,'Link',radiflow-labs-isid,radiflow-labs-syslog,1,255,102,Hirschmann Automation and Control GmbH,WAGO Kontakttechnik GmbH,Server,Server,None,"5/18/2024, 4:02:05.094 PM"
|
||||
"5/18/2024, 4:02:05.103 PM",radiflow,isid,7.0.2.28,101,Schneider Logic Update Detected,High,,00:80:F4:0E:10:FC,192.168.1.85,Modbus,,44:8A:5B:CB:72:42#012,192.168.1.6,0,'Cyber',radiflow-labs-isid,radiflow-labs-syslog,1,252,502,"Micro-Star INT'L CO., LTD.",TELEMECANIQUE ELECTRIQUE,Server,Server,None,"5/18/2024, 4:02:05.103 PM"
|
||||
"5/18/2024, 4:02:05.114 PM",radiflow,isid,7.0.2.28,143,(spp_modbus): Reserved Modbus function code in use.,High,,00:80:F4:0E:10:FC,192.168.1.85,Modbus,,44:8A:5B:CB:72:42#012,192.168.1.6,0,'Cyber',radiflow-labs-isid,radiflow-labs-syslog,1,253,502,"Micro-Star INT'L CO., LTD.",TELEMECANIQUE ELECTRIQUE,Server,Server,None,"5/18/2024, 4:02:05.114 PM"
|
||||
"5/18/2024, 4:02:05.125 PM",radiflow,isid,7.0.2.28,143,(spp_modbus): Reserved Modbus function code in use.,High,,44:8A:5B:CB:72:42,192.168.1.6,Modbus,,00:80:F4:0E:10:FC#012,192.168.1.85,0,'Cyber',radiflow-labs-isid,radiflow-labs-syslog,1,254,502,TELEMECANIQUE ELECTRIQUE,"Micro-Star INT'L CO., LTD.",Server,Server,None,"5/18/2024, 4:02:05.125 PM"
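Review bot: SourceMACAddress in every `New Link Detected` and `'Cyber'` row ends in `#012` (e.g. `00:30:DE:40:D0:8D#012`), which looks like a syslog-escaped line feed carried into the parsed field. The `New MAC detected` rows and DestinationMACAddress hold the clean value, so a MAC-based join or lookup between link/alert rows and device rows would not match. EventCategory also keeps its single quotes (`'Link'`, `'Device'`, `'Cyber'`) and SourceVLAN carries the literal string `None`, so a filter written as `EventCategory == "Cyber"` or an emptiness check on the VLAN would behave unexpectedly against this data. If the parser is meant to normalise these fields, the sample should show the trimmed values; otherwise the quirks deserve a note beside the sample so that detection authors account for them.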
|
|
|
@ -0,0 +1,36 @@
|
|||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=220 src=172.16.2.41 dst=172.16.8.17 pt=502 PtName=Modbus SrcName=172.16.2.41 DstName=172.16.8.17 - 0 SrcMac=00:30:DE:40:D0:8D#012 DstMac=B8:27:EB:11:DE:24 SrcVendor=WAGO Kontakttechnik GmbH DstVendor=Raspberry Pi Foundation SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=221 src=172.16.8.17 dst=172.16.2.41 pt=502 PtName=Modbus SrcName=172.16.8.17 - 0 DstName=172.16.2.41 SrcMac=B8:27:EB:11:DE:24#012 DstMac=00:30:DE:40:D0:8D SrcVendor=Raspberry Pi Foundation DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=222 src=172.16.2.41 dst=172.16.8.14 pt=502 PtName=Modbus SrcName=172.16.2.41 DstName=172.16.8.14 - 0 SrcMac=00:30:DE:40:D0:8D#012 DstMac=B8:27:EB:94:FF:4A SrcVendor=WAGO Kontakttechnik GmbH DstVendor=Raspberry Pi Foundation SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=223 src=172.16.8.14 dst=172.16.2.41 pt=502 PtName=Modbus SrcName=172.16.8.14 - 0 DstName=172.16.2.41 SrcMac=B8:27:EB:94:FF:4A#012 DstMac=00:30:DE:40:D0:8D SrcVendor=Raspberry Pi Foundation DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=224 src=172.16.4.41 dst=172.16.1.41 pt=102 PtName=S7/S7Plus/61850-MMS SrcName=172.16.4.41 DstName=172.16.1.41 SrcMac=00:30:DE:40:D0:E0 DstMac=00:30:DE:40:D0:DB SrcVendor=WAGO Kontakttechnik GmbH DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=225 src=172.16.1.41 dst=172.16.8.11 pt=502 PtName=Modbus SrcName=172.16.1.41 DstName=172.16.8.11 - 0 SrcMac=00:30:DE:40:D0:DB DstMac=B8:27:EB:F1:57:B5 SrcVendor=WAGO Kontakttechnik GmbH DstVendor=Raspberry Pi Foundation SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=226 src=172.16.8.11 dst=172.16.1.41 pt=502 PtName=Modbus SrcName=172.16.8.11 - 0 DstName=172.16.1.41 SrcMac=B8:27:EB:F1:57:B5 DstMac=00:30:DE:40:D0:DB SrcVendor=Raspberry Pi Foundation DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=227 src=172.16.8.12 dst=172.16.1.41 pt=502 PtName=Modbus SrcName=172.16.8.12 - 0 DstName=172.16.1.41 SrcMac=B8:27:EB:9B:0B:D2 DstMac=00:30:DE:40:D0:DB SrcVendor=Raspberry Pi Foundation DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=228 src=172.18.5.60 dst=172.16.5.41 pt=102 PtName=S7/S7Plus/61850-MMS SrcName=172.18.5.60 DstName=172.16.5.41 SrcMac=EC:74:BA:27:3B:1C DstMac=00:30:DE:40:D0:E4 SrcVendor=Hirschmann Automation and Control GmbH DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=None
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=229 src=172.16.1.41 dst=172.16.8.12 pt=502 PtName=Modbus SrcName=172.16.1.41 DstName=172.16.8.12 - 0 SrcMac=00:30:DE:40:D0:DB DstMac=B8:27:EB:9B:0B:D2 SrcVendor=WAGO Kontakttechnik GmbH DstVendor=Raspberry Pi Foundation SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=230 src=172.16.4.41 dst=172.16.8.18 pt=502 PtName=Modbus SrcName=172.16.4.41 DstName=172.16.8.18 - 0 SrcMac=00:30:DE:40:D0:E0 DstMac=B8:27:EB:2B:87:1C SrcVendor=WAGO Kontakttechnik GmbH DstVendor=Raspberry Pi Foundation SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=231 src=172.16.8.18 dst=172.16.4.41 pt=502 PtName=Modbus SrcName=172.16.8.18 - 0 DstName=172.16.4.41 SrcMac=B8:27:EB:2B:87:1C DstMac=00:30:DE:40:D0:E0 SrcVendor=Raspberry Pi Foundation DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=232 src=172.16.4.41 dst=172.16.8.19 pt=502 PtName=Modbus SrcName=172.16.4.41 DstName=172.16.8.19 - 0 SrcMac=00:30:DE:40:D0:E0 DstMac=B8:27:EB:1E:29:37 SrcVendor=WAGO Kontakttechnik GmbH DstVendor=Raspberry Pi Foundation SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:00 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=233 src=172.16.8.19 dst=172.16.4.41 pt=502 PtName=Modbus SrcName=172.16.8.19 - 0 DstName=172.16.4.41 SrcMac=B8:27:EB:1E:29:37 DstMac=00:30:DE:40:D0:E0 SrcVendor=Raspberry Pi Foundation DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=251 dvc=192.168.1.85 SrcName=192.168.1.85 - 1 SrcMac=00:80:F4:0E:10:FC SrcVendor=TELEMECANIQUE ELECTRIQUE SrcType=Server SrcVlan=None
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=256 dvc=172.16.4.41 SrcName=172.16.4.41 SrcMac=00:30:DE:40:D0:E0 SrcVendor=WAGO Kontakttechnik GmbH SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=257 dvc=172.18.5.60 SrcName=172.18.5.60 SrcMac=EC:74:BA:27:3B:1C SrcVendor=Hirschmann Automation and Control GmbH SrcType=Server SrcVlan=None
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=258 dvc=172.16.2.41 SrcName=172.16.2.41 SrcMac=00:30:DE:40:D0:8D SrcVendor=WAGO Kontakttechnik GmbH SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=259 dvc=172.16.8.17 SrcName=172.16.8.17 - 0 SrcMac=B8:27:EB:11:DE:24 SrcVendor=Raspberry Pi Foundation SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=260 dvc=172.16.8.14 SrcName=172.16.8.14 - 0 SrcMac=B8:27:EB:94:FF:4A SrcVendor=Raspberry Pi Foundation SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=261 dvc=172.16.1.41 SrcName=172.16.1.41 SrcMac=00:30:DE:40:D0:DB SrcVendor=WAGO Kontakttechnik GmbH SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=262 dvc=172.16.8.11 SrcName=172.16.8.11 - 0 SrcMac=B8:27:EB:F1:57:B5 SrcVendor=Raspberry Pi Foundation SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=263 dvc=172.16.8.12 SrcName=172.16.8.12 - 0 SrcMac=B8:27:EB:9B:0B:D2 SrcVendor=Raspberry Pi Foundation SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=264 dvc=172.16.5.41 SrcName=172.16.5.41 SrcMac=00:30:DE:40:D0:E4 SrcVendor=WAGO Kontakttechnik GmbH SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=265 dvc=172.16.8.18 SrcName=172.16.8.18 - 0 SrcMac=B8:27:EB:2B:87:1C SrcVendor=Raspberry Pi Foundation SrcType=Server SrcVlan=1
|
||||
May 18 16:02:04 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=266 dvc=172.16.8.19 SrcName=172.16.8.19 - 0 SrcMac=B8:27:EB:1E:29:37 SrcVendor=Raspberry Pi Foundation SrcType=Server SrcVlan=1
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=267 dvc=192.168.1.43 SrcName=192.168.1.43 - 1 SrcMac=00:05:21:02:0E:BF SrcVendor=Control Microsystems SrcType=Server SrcVlan=None
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=268 dvc=192.168.1.67 SrcName=192.168.1.67 SrcMac=00:0C:29:15:A5:76 SrcVendor=VMware, Inc. SrcType=Server SrcVlan=None
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=269 dvc=192.168.1.33 SrcName=192.168.1.33 - 1 SrcMac=00:05:21:02:15:B6 SrcVendor=Control Microsystems SrcType=Server SrcVlan=3
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|1|New device detected|Medium|cat='Device' id=270 dvc=172.16.3.41 SrcName=172.16.3.41 SrcMac=00:30:DE:40:D0:E2 SrcVendor=WAGO Kontakttechnik GmbH SrcType=Server SrcVlan=None
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=271 dvc=192.168.1.63 SrcName=192.168.1.63 SrcMac=5C:88:16:F2:89:6D SrcVendor=Rockwell Automation SrcType=Server SrcVlan=None
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|3|New MAC detected|Medium|cat='Device' id=272 dvc=172.16.3.41 SrcName=172.16.3.41 SrcMac=00:30:DE:40:D0:E2 SrcVendor=WAGO Kontakttechnik GmbH SrcType=Server SrcVlan=None
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|2|New Link Detected|Medium|cat='Link' id=255 src=172.18.5.60 dst=172.16.3.41 pt=102 PtName=S7/S7Plus/61850-MMS SrcName=172.18.5.60 DstName=172.16.3.41 SrcMac=EC:74:BA:27:3B:1C DstMac=00:30:DE:40:D0:E2 SrcVendor=Hirschmann Automation and Control GmbH DstVendor=WAGO Kontakttechnik GmbH SrcType=Server DstType=Server SrcVlan=None
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|101|Schneider Logic Update Detected|High|cat='Cyber' id=252 src=192.168.1.6 dst=192.168.1.85 pt=502 PtName=Modbus SrcName=192.168.1.6 DstName=192.168.1.85 - 1 SrcMac=44:8A:5B:CB:72:42 DstMac=00:80:F4:0E:10:FC SrcVendor=Micro-Star INT'L CO., LTD. DstVendor=TELEMECANIQUE ELECTRIQUE SrcType=Server DstType=Server SrcVlan=None
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|143|(spp_modbus): Reserved Modbus function code in use.|High|cat='Cyber' id=253 src=192.168.1.6 dst=192.168.1.85 pt=502 PtName=Modbus SrcName=192.168.1.6 DstName=192.168.1.85 - 1 SrcMac=44:8A:5B:CB:72:42 DstMac=00:80:F4:0E:10:FC SrcVendor=Micro-Star INT'L CO., LTD. DstVendor=TELEMECANIQUE ELECTRIQUE SrcType=Server DstType=Server SrcVlan=None
|
||||
May 18 16:02:05 radiflow-labs-isid radiflow-labs-isid[1] CEF:0|radiflow|isid|7.0.2.28|143|(spp_modbus): Reserved Modbus function code in use.|High|cat='Cyber' id=254 src=192.168.1.85 dst=192.168.1.6 pt=502 PtName=Modbus SrcName=192.168.1.85 - 1 DstName=192.168.1.6 SrcMac=00:80:F4:0E:10:FC DstMac=44:8A:5B:CB:72:42 SrcVendor=TELEMECANIQUE ELECTRIQUE DstVendor=Micro-Star INT'L CO., LTD. SrcType=Server DstType=Server SrcVlan=None
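Review bot: The raw sample does not line up with the parsed CSV sample for the same event ids. Here `#012` follows SrcMac only on ids 220–223, while the parsed rows show it on every link and alert event (ids 224–233 and 252–255), so one of the two files appears to have been edited or captured separately and cannot serve as a faithful parser fixture for the other. The extension block also has a stray ` - 0` / ` - 1` token that appears after DstName on some lines (id=220), after SrcName on others (id=221), and is absent on others (id=224). Vendor values contain spaces, commas and an apostrophe (`Micro-Star INT'L CO., LTD.`), so it would help to state in the parser documentation how values are delimited and what that token means. The RFC 3164 style header `May 18 16:02:00` carries no year or time zone, whereas the parsed sample labels the time as UTC; presumably the collector clock is assumed to be UTC, which is worth stating explicitly.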
|
|
@ -0,0 +1,28 @@
|
|||
ColumnName,ColumnOrdinal,DataType,ColumnType
|
||||
TimeGenerated,0,"System.DateTime",datetime
|
||||
DeviceVendor,1,"System.String",string
|
||||
DeviceProduct,2,"System.String",string
|
||||
DeviceVersion,3,"System.String",string
|
||||
EventClassID,4,"System.String",string
|
||||
EventMessage,5,"System.String",string
|
||||
EventSeverity,6,"System.String",string
|
||||
DestinationHostName,7,"System.String",string
|
||||
DestinationMACAddress,8,"System.String",string
|
||||
DestinationIP,9,"System.String",string
|
||||
Protocol,10,"System.String",string
|
||||
SourceHostName,11,"System.String",string
|
||||
SourceMACAddress,12,"System.String",string
|
||||
SourceIP,13,"System.String",string
|
||||
EventType,14,"System.Int64",long
|
||||
EventCategory,15,"System.String",string
|
||||
EventServer,16,"System.String",string
|
||||
EventCollectorHostName,17,"System.String",string
|
||||
SchemaVersion,18,"System.Double",real
|
||||
EventID,19,"System.Int64",long
|
||||
Port,20,"System.String",string
|
||||
SourceVendor,21,"System.String",string
|
||||
DestinationVendor,22,"System.String",string
|
||||
SourceType,23,"System.String",string
|
||||
DestinationType,24,"System.String",string
|
||||
SourceVLAN,25,"System.String",string
|
||||
EventTime,26,"System.DateTime",datetime
|
|