Azure-Sentinel/Sample Data/Custom/JuniperIDP_CL.json


[
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366703\" message-type=\"SIG\" source-address=\"50.164.188.72\" source-port=\"45610\" destination-address=\"201.177.12.127\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"134.76.90.65\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617366703",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"134.76.90.65",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"134.76.90.65",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366704\" message-type=\"SIG\" source-address=\"212.112.106.56\" source-port=\"45610\" destination-address=\"220.71.243.146\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"111.172.3.135\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617366704",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"111.172.3.135",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"111.172.3.135",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366705\" message-type=\"SIG\" source-address=\"171.228.115.169\" source-port=\"45610\" destination-address=\"26.177.195.224\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"187.112.195.232\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617366705",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"187.112.195.232",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"187.112.195.232",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366706\" message-type=\"SIG\" source-address=\"58.48.132.116\" source-port=\"45610\" destination-address=\"76.90.34.94\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"13.110.228.65\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617366706",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"13.110.228.65",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"13.110.228.65",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366707\" message-type=\"SIG\" source-address=\"134.163.182.63\" source-port=\"45610\" destination-address=\"56.51.83.246\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"253.3.12.230\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617366707",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"253.3.12.230",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"253.3.12.230",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"extradata":"[junos@2636.1.1.1.2.135 epoch-time=\"1617366708\" message-type=\"SIG\" source-address=\"231.209.71.3\" source-port=\"45610\" destination-address=\"165.96.82.159\" destination-port=\"80\" protocol-name=\"TCP\" service-name=\"SERVICE_IDP\" application-name=\"HTTP\" rule-name=\"9\" rulebase-name=\"IPS\" policy-name=\"Recommended\" export-id=\"15229\" repeat-count=\"0\" action=\"DROP\" threat-severity=\"HIGH\" attack-name=\"TROJAN:ZMEU-BOT-SCAN\" nat-source-address=\"0.0.0.0\" nat-source-port=\"0\" nat-destination-address=\"215.129.207.145\" nat-destination-port=\"0\" elapsed-time=\"0\" inbound-bytes=\"0\" outbound-bytes=\"0\" inbound-packets=\"0\" outbound-packets=\"0\" source-zone-name=\"sec-zone-name-internet\" source-interface-name=\"reth0\" destination-zone-name=\"dst-sec-zone1-outside\" destination-interface-name=\"reth1\" packet-log-id=\"0\" alert=\"no\" username=\"N/A\" roles=\"N/A\" message=\"-\"]",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617366708",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"215.129.207.145",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"215.129.207.145",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617611934",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"179.16.59.39",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"179.16.59.39",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617611935",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"21.207.253.181",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"21.207.253.181",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617611936",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"182.175.191.50",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"182.175.191.50",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
},
{
"pri":"13",
"host":"firewall-host1",
"ident":"RT_IDP",
"pid":"-",
"msgid":"IDP_ATTACK_LOG_EVENT",
"dvc_os":"junos@2636.1.1.1.2.135",
"event_end_time":"1617611937",
"message-type":"SIG",
"source-address":"0.0.0.0",
"destination-address":"64.217.206.182",
"destination-port":"0",
"protocol-name":"TCP",
"service-name":"SERVICE_IDP",
"application-name":"HTTP",
"rule-name":"9",
"rulebase-name":"IPS",
"policy-name":"Recommended",
"export-id":"15229",
"repeat-count":"0",
"action":"DROP",
"threat-severity":"HIGH",
"attack-name":"TROJAN:ZMEU-BOT-SCAN",
"nat-source-address":"0.0.0.0",
"nat-source-port":"0",
"nat-destination-address":"64.217.206.182",
"nat-destination-port":"0",
"elapsed-time":"0",
"inbound-bytes":"0",
"outbound-bytes":"0",
"inbound-packets":"0",
"outbound-packets":"0",
"source-zone-name":"sec-zone-name-internet",
"source-interface-name":"reth0",
"destination-zone-name":"dst-sec-zone1-outside",
"destination-interface-name":"reth1",
"packet-log-id":"0",
"alert":"no",
"username":"N/A",
"roles":"N/A",
"msg":"-"
}
]