[ { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366703\" message-type=\"SIG\" source-address=\"50.164.188.72\" source-port=\"45610\" destination-address=\"201.177.12.127\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"134.76.90.65\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617366703", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"134.76.90.65", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"134.76.90.65", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366704\" message-type=\"SIG\" source-address=\"212.112.106.56\" source-port=\"45610\" destination-address=\"220.71.243.146\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"111.172.3.135\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617366704", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"111.172.3.135", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"111.172.3.135", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366705\" message-type=\"SIG\" source-address=\"171.228.115.169\" source-port=\"45610\" destination-address=\"26.177.195.224\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"187.112.195.232\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617366705", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"187.112.195.232", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"187.112.195.232", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366706\" message-type=\"SIG\" source-address=\"58.48.132.116\" source-port=\"45610\" destination-address=\"76.90.34.94\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"13.110.228.65\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617366706", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"13.110.228.65", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"13.110.228.65", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366707\" message-type=\"SIG\" source-address=\"134.163.182.63\" source-port=\"45610\" destination-address=\"56.51.83.246\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"253.3.12.230\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617366707", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"253.3.12.230", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"253.3.12.230", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366708\" message-type=\"SIG\" source-address=\"231.209.71.3\" source-port=\"45610\" destination-address=\"165.96.82.159\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"215.129.207.145\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617366708", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"215.129.207.145", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"215.129.207.145", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617611934", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"179.16.59.39", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"179.16.59.39", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617611935", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"21.207.253.181", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"21.207.253.181", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617611936", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"182.175.191.50", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"182.175.191.50", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" }, { "pri":"13", "host":"firewall-host1", "ident":"RT_IDP", "pid":"-", "msgid":"IDP_ATTACK_LOG_EVENT", "dvc_os":"junos@2636.1.1.1.2.135", "event_end_time":"1617611937", "message-type":"SIG", "source-address":"0.0.0.0", "destination-address":"64.217.206.182", "destination-port":"0", "protocol-name":"TCP", "service-name":"SERVICE_IDP", "application-name":"HTTP", "rule-name":"9", "rulebase-name":"IPS", "policy-name":"Recommended", "export-id":"15229", "repeat-count":"0", "action":"DROP", "threat-severity":"HIGH", "attack-name":"TROJAN:ZMEU-BOT-SCAN", "nat-source-address":"0.0.0.0", "nat-source-port":"0", "nat-destination-address":"64.217.206.182", "nat-destination-port":"0", "elapsed-time":"0", "inbound-bytes":"0", "outbound-bytes":"0", "inbound-packets":"0", "outbound-packets":"0", "source-zone-name":"sec-zone-name-internet", "source-interface-name":"reth0", "destination-zone-name":"dst-sec-zone1-outside", "destination-interface-name":"reth1", "packet-log-id":"0", "alert":"no", "username":"N/A", "roles":"N/A", "msg":"-" } ]