[
{
"TimeGenerated [UTC]": "4/27/2022, 9:58:02.948 AM",
"EventVendor": "Nozomi Networks",
"EventProduct": "N2OS",
"EventProductVersion": "18.5.4-03291152_AF752",
"EventSubType": "Duplicate IP",
"EventSeverity": 5,
"SrcIpAddr": "",
"SrcHostName": "",
"DstIpAddr": "",
"DstHostname": "",
"EventType": "Alert",
"EventMessage": "IP 172.16.0.253 is duplicated by MACs",
"EventStartTime [UTC]": "11/22/2017, 5:50:04.000 PM",
"DvcHostname": "nozomi-sg.local",
"MitreAttackTactics": "",
"MitreAttackTechniques": "",
"Risk": 5,
"IsSecurity": true,
"EventOriginalUid": "",
"TriggerType": "",
"Parents": "",
"NetworkApplicationProtocol": "arp",
"DstMacAddr": "00:0c:29:28:dd:c6",
"SrcMacAddr": "00:0c:29:28:dd:c5",
"DstPortNumber": 0,
"SrcPortNumber": 0,
"SrcUserName": ""
},
{
"TimeGenerated [UTC]": "4/27/2022, 9:58:03.961 AM",
"EventVendor": "Nozomi Networks",
"EventProduct": "N2OS",
"EventProductVersion": "18.5.4-03291152_AF752",
"EventSubType": "Duplicate IP",
"EventSeverity": 5,
"SrcIpAddr": "",
"SrcHostName": "",
"DstIpAddr": "",
"DstHostname": "",
"EventType": "Alert",
"EventMessage": "IP 172.16.0.253 is duplicated by MACs",
"EventStartTime [UTC]": "11/22/2017, 5:50:04.000 PM",
"DvcHostname": "nozomi-sg.local",
"MitreAttackTactics": "",
"MitreAttackTechniques": "",
"Risk": 5,
"IsSecurity": true,
"EventOriginalUid": "",
"TriggerType": "",
"Parents": "",
"NetworkApplicationProtocol": "arp",
"DstMacAddr": "00:0c:29:28:dd:c6",
"SrcMacAddr": "00:0c:29:28:dd:c5",
"DstPortNumber": 0,
"SrcPortNumber": 0,
"SrcUserName": ""
},
{
"TimeGenerated [UTC]": "4/27/2022, 9:58:04.715 AM",
"EventVendor": "Nozomi Networks",
"EventProduct": "N2OS",
"EventProductVersion": "18.5.4-03291152_AF752",
"EventSubType": "Duplicate IP",
"EventSeverity": 5,
"SrcIpAddr": "",
"SrcHostName": "",
"DstIpAddr": "",
"DstHostname": "",
"EventType": "Alert",
"EventMessage": "IP 172.16.0.253 is duplicated by MACs",
"EventStartTime [UTC]": "11/22/2017, 5:50:04.000 PM",
"DvcHostname": "nozomi-sg.local",
"MitreAttackTactics": "",
"MitreAttackTechniques": "",
"Risk": 5,
"IsSecurity": true,
"EventOriginalUid": "",
"TriggerType": "",
"Parents": "",
"NetworkApplicationProtocol": "arp",
"DstMacAddr": "00:0c:29:28:dd:c6",
"SrcMacAddr": "00:0c:29:28:dd:c5",
"DstPortNumber": 0,
"SrcPortNumber": 0,
"SrcUserName": ""
},
{
"TimeGenerated [UTC]": "4/27/2022, 10:03:32.124 AM",
"EventVendor": "Nozomi Networks",
"EventProduct": "N2OS",
"EventProductVersion": "18.5.4-03291152_AF752",
"EventSubType": "Link RST sent by Producer",
"EventSeverity": 3,
"SrcIpAddr": "192.168.1.1",
"SrcHostName": "C-DFIR-WIN7-X86",
"DstIpAddr": "192.168.1.2",
"DstHostname": "DFIR-WIN7",
"EventType": "Alert",
"EventMessage": "Appliance is stale",
"EventStartTime [UTC]": "11/22/2017, 5:50:04.000 PM",
"DvcHostname": "nozomi-dev",
"MitreAttackTactics": "Impair Process Control, Inhibit Response Function, Persistence",
"MitreAttackTechniques": "T843",
"Risk": 3.5,
"IsSecurity": true,
"EventOriginalUid": "123e4567-e89b-12d3-a456-426614174000",
"TriggerType": "{trigger_type:packet_rules,trigger_id:123e4567-e89b-12d3-a456-426614174004}",
"Parents": "[123e4567-e89b-12d3-a456-426614174001]",
"NetworkApplicationProtocol": "smb",
"DstMacAddr": "00:0c:29:28:dd:c6",
"SrcMacAddr": "00:0c:29:28:dd:c5",
"DstPortNumber": 445,
"SrcPortNumber": 444,
"SrcUserName": ""
}
]