- Added additional sample events from https://docs.infoblox.com/display/NAG8/Capturing+DNS+Queries+and+Responses
- Added additional content from a CSV file provided by Ofer Shezaf
kmusa1 2022-05-12 11:32:03 +01:00 коммит произвёл GitHub
Родитель d46511e3f8
Коммит 7600f698fa
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
1 изменённых файлов: 368 добавлений и 0 удалений


@ -1,4 +1,372 @@
[
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.617 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.617 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: a2.foo.com IN A response: NOERROR +AED a2.foo.com. 28800 IN A 1.1.1.2",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.617 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.617 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: a4.foo.com IN AAAA response: NOERROR +AED a4.foo.com. 28800 IN AAAA ab::a",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 2001::2#57398 UDP: query: a2.foo.com IN A response: NOERROR +AED a2.foo.com. 28800 IN A 1.1.1.2",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 TCP: query: a2.foo.com IN A response: NOERROR +ED a2.foo.com. 28800 IN A 1.1.1.2",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: a2.foo.com IN ANY response: NOERROR +ED a2.foo.com. 28800 IN A 1.1.1.2",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: a1.foo.com IN A response: NOERROR +ED a1.foo.com. 28800 IN A 1.1.1.1; a1.foo.com. 28800 IN A 11.1.1.1",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: c2.foo.com IN A response: NOERROR +ED c2.foo.com. 28800 IN CNAME a2.foo.com.; a2.foo.com. 28800 IN A 1.1.1.2",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: non-exist.foo.com IN A response: NXDOMAIN +ED",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.627 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.627 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: a1.foo.com IN SRV response: NOERROR +ED",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.627 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.627 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: refused.com IN A response: REFUSED +ED",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#12345 UDP: query: servfail.com IN A response: SERVFAIL +E",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: a1.signed.com IN A response: NOERROR +ED a1.signed.com. 28800 IN A 1.1.1.",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.627 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.627 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "client 10.120.20.198#57398 UDP: query: a1.signed.com IN RRSIG response: NOERROR +ED a1.signed.com. 28800 IN RRSIG A 5 3 28800 20130616004903 20130611234903\n4521 signed.com. evROKe7RbnkjFTsumT3JJg76bduFLfdEEnszitXHQCbVYBS5rDy+qbUI HCQuN/ldCNTJbZQ8MEhuatzfms+2Y5K2sU67P9Yg6GkOMxsT2LcJiBm/ YqrYiZBWGKpLF6J0PdX05133Xwq8XxUStUEJxKfuzcKSY6jaSduQIdFL v6A=; a1.signed.com.900 IN RRSIG NSEC 5 3 900 20130616004903 20130611234903 4521 signed.com.\nCnFmXMx9D+ZkDsztQbW2xx8XCROGNMBp0baxFXS/Pxxhg4PQcq58laI97y2Xgqswn/wKNhY8p9hkes5+6t/ihCOIbw FryxtdivPfYYFf3jafedFN ymZu05K9bYUfCUzZTGiRzoJYhxBM7xFT8fMvxni9ngsbLym82Tqv3Nua 6wU=",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.617 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.617 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f1a9b54aaaa 192.46.117.8#41959 (ddd.xxx.yyy.com): view Recursion View: query: ddd.xxx.yyy.com IN A +E(0)DV (192.46.116.155)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.617 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.617 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f1a891bbbb 192.46.117.8#28492 (xxxx.uksouth.cloudapp.azure.com): view Recursion View: query: xxxx.uksouth.cloudapp.azure.com IN A +E(0)DV (192.46.116.155)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f2c195fcccc 192.46.115.13#19964 (66.67.68.69.in-addr.arpa): view Recursion View: query: 66.67.68.69.in-addr.arpa IN PTR +E(0)DV (192.46.114.154)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f2c1104dddd 192.46.115.12#36224 (xxx.yyy.net.edgekey.net): view Recursion View: query: xxx.yyy.net.edgekey.net IN A +E(0)DV (192.46.114.154)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f2c1c3feeee 192.46.115.12#22435 (xxx.yyy1.com): view Recursion View: query: xxx.yyy1.com IN A +E(0)DV (192.46.114.154)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f2c1c3ffff 192.46.115.12#62835 (zzz.yyy1.com): view Recursion View: query: zzz.yyy1.com IN A +E(0)DV (192.46.114.154)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f2c1c3faaaa 192.46.115.12#13502 (xxx.yyy.blob.storage.azure.net): view Recursion View: query: xxx.yyy.blob.storage.azure.net IN A +E(0)DV (192.46.114.154)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.623 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.623 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f2c1104bbbb 192.46.115.12#55440 (xxx.1111.2222.yyy.zz.COM): view Recursion View: query: xxx.1111.2222.yyy.zz.COM IN A +E(0)DV (192.46.114.154)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.627 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.627 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f2c10b5cccc 192.46.115.12#14290 (CM11.xxx.yyy2.com): view Recursion View: query: CM11.xxx.yyy2.com IN A +E(0)DV (192.46.114.154)",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "123456-123456-654987-654987",
"SourceSystem": "Linux",
"TimeGenerated": "5/9/2022, 6:09:02.627 AM",
"Computer": "computer1.domain.org",
"EventTime": "5/9/2022, 6:09:02.627 AM",
"Facility": "daemon",
"Hostname": "computer1.domain.org",
"SeverityLevel": "info",
"SyslogMessage": "@0x7f2c1c8adddd 192.46.115.12#32925 (secure.yyy.zzz3.com): view Recursion View: query failed (SERVFAIL) for secure.yyy.zzz3.com/IN/A at query.c:8678",
"ProcessID": "14265",
"HostIP": "156.72.152.18",
"ProcessName": "named",
"MG": "00000000-0000-0000-0000-000000000002",
"Type": "Query"
},
{
"TenantId": "2020-07-22T07:36:48Z",
"SourceSystem": "Linux",