UTICA-ONE-DRIVE_ssl.log
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317520.803705,"uid":"CBz3qg3DxekilDreuk","id_orig_h":"10.0.1.5","id_orig_p":61311,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317521.154315,"uid":"CVWQTx499SJPMJ9Sy5","id_orig_h":"10.0.1.5","id_orig_p":61312,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317526.193142,"uid":"CWoJQBaBs325pXHz7","id_orig_h":"10.0.1.5","id_orig_p":61316,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317526.850739,"uid":"CZSCgn2R2zyMAZt3O1","id_orig_h":"10.0.1.5","id_orig_p":61317,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317530.226006,"uid":"CZWFkA1QIKXCEiRpyi","id_orig_h":"10.0.1.5","id_orig_p":61318,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317531.881714,"uid":"C5naEj3TDzV0niwSvl","id_orig_h":"10.0.1.5","id_orig_p":61319,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317535.913818,"uid":"ChsHfD1pFD1Vt2t0Tl","id_orig_h":"10.0.1.5","id_orig_p":61320,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317536.27305,"uid":"CLQXuL2Iu664mjW377","id_orig_h":"10.0.1.5","id_orig_p":61321,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317539.963859,"uid":"CQY5m91zPoVRMLk1H1","id_orig_h":"10.0.1.5","id_orig_p":61322,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317540.308366,"uid":"CnAr9L3mbK6npzJEjl","id_orig_h":"10.0.1.5","id_orig_p":61323,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317546.006134,"uid":"CAHPTC4yuFiF34I6I3","id_orig_h":"10.0.1.5","id_orig_p":61324,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317546.340609,"uid":"C5XFH52Ax2FVyELl77","id_orig_h":"10.0.1.5","id_orig_p":61325,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317551.045625,"uid":"CHZV7x1vjplJv6TBhd","id_orig_h":"10.0.1.5","id_orig_p":61326,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317551.383003,"uid":"C8Y8uD8j0BDc4MDIj","id_orig_h":"10.0.1.5","id_orig_p":61327,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317555.075882,"uid":"CyDG4h2OwavsXMKWh6","id_orig_h":"10.0.1.5","id_orig_p":61328,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317555.48864,"uid":"CP59Z12FyCHPDOtSeg","id_orig_h":"10.0.1.5","id_orig_p":61329,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317555.546455,"uid":"C58MbK29uoAFVoAU6i","id_orig_h":"10.0.1.5","id_orig_p":61330,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317560.516085,"uid":"CP4ex01CxHcqwxUef8","id_orig_h":"10.0.1.5","id_orig_p":61331,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317561.594138,"uid":"Cugdod35VUgiy7AK7i","id_orig_h":"10.0.1.5","id_orig_p":61332,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317565.555567,"uid":"COy0Vo2unnwmaHnmme","id_orig_h":"10.0.1.5","id_orig_p":61333,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317566.189663,"uid":"CvV6vYV7X0ynQtMl4","id_orig_h":"10.0.1.5","id_orig_p":61334,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317570.241249,"uid":"CXCyHxrWhfBdNWHKk","id_orig_h":"10.0.1.5","id_orig_p":61335,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317570.597117,"uid":"CXaO6rzJNBLreIKi8","id_orig_h":"10.0.1.5","id_orig_p":61336,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317575.273291,"uid":"CKCCsE47iRCseYo37d","id_orig_h":"10.0.1.5","id_orig_p":61337,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317576.631081,"uid":"ClIKqq16Jfv1Cx3W7d","id_orig_h":"10.0.1.5","id_orig_p":61338,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317581.307327,"uid":"CDbS0W118RrON6iYJ7","id_orig_h":"10.0.1.5","id_orig_p":61339,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317581.630071,"uid":"CaWnfw1s0PAvXinTZ9","id_orig_h":"10.0.1.5","id_orig_p":61340,"id_resp_h":"13.107.42.12","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp384r1","server_name":"d.docs.live.net","resumed":false,"established":true,"cert_chain_fuids":["FD5KIi39IbPe8eJSk5","FlPTB73RbmMhnltCU9"],"client_cert_chain_fuids":[],"subject":"CN=storage.live.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US","issuer":"CN=Microsoft IT TLS CA 4,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"57ec78dd178129d9fb382329005efd3c472bf865","ja3":"a0e9f5d64349fb13191bc781f81f42e1","ja3s":"71d9ce75f347e6cf54268d7114ae6925"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317582.666741,"uid":"CGY9vA2mFWRvWUzeXl","id_orig_h":"10.0.1.5","id_orig_p":61341,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317586.035203,"uid":"CdwN111qLpEMjaoJRb","id_orig_h":"10.0.1.5","id_orig_p":61342,"id_resp_h":"40.90.137.116","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"nexus.passport.com","resumed":false,"established":true,"cert_chain_fuids":["FCESBF366mPnsVfydd","FVSAmX3BLiBCFjVMRl"],"client_cert_chain_fuids":[],"subject":"CN=login.live.com","issuer":"CN=Microsoft IT TLS CA 1,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"46230f46d25132fe6888a8120fb27b34772da606","ja3":"a0e9f5d64349fb13191bc781f81f42e1","ja3s":"986571066668055ae9481cb84fda634a"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317586.055576,"uid":"Cucrl33pS471zDDcaa","id_orig_h":"10.0.1.5","id_orig_p":61343,"id_resp_h":"40.90.137.124","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","curve":"x25519","server_name":"login.live.com","resumed":false,"established":true,"cert_chain_fuids":["FSxkzR1m5WboCD0L9h","Fpxxlp1morhjjFA8Te"],"client_cert_chain_fuids":[],"subject":"CN=login.live.com","issuer":"CN=Microsoft IT TLS CA 1,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"46230f46d25132fe6888a8120fb27b34772da606","ja3":"a0e9f5d64349fb13191bc781f81f42e1","ja3s":"9cac3f41e89d651cd76e799381601768"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317586.733033,"uid":"CxXHib2b5U9KPLkyUk","id_orig_h":"10.0.1.5","id_orig_p":61344,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317589.19765,"uid":"Cqw46i16qD33NVolKc","id_orig_h":"10.0.1.5","id_orig_p":61345,"id_resp_h":"13.107.42.12","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp384r1","server_name":"d.docs.live.net","resumed":false,"next_protocol":"h2","established":true,"cert_chain_fuids":["FIyTUr3rMdPTDLdR9c","Fhugdd11LLTUKAOjob"],"client_cert_chain_fuids":[],"subject":"CN=storage.live.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US","issuer":"CN=Microsoft IT TLS CA 4,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"57ec78dd178129d9fb382329005efd3c472bf865","ja3":"28a2c9bd18a11de089ef85a160da29e4","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317589.25276,"uid":"CQRBMi1sOxOjL46vxa","id_orig_h":"10.0.1.5","id_orig_p":61346,"id_resp_h":"40.90.137.116","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"nexus.passport.com","resumed":false,"next_protocol":"h2","established":true,"cert_chain_fuids":["FSNb2qr46b7R8fEF4","FY5ml23wk09FD1og33"],"client_cert_chain_fuids":[],"subject":"CN=login.live.com","issuer":"CN=Microsoft IT TLS CA 1,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"46230f46d25132fe6888a8120fb27b34772da606","ja3":"28a2c9bd18a11de089ef85a160da29e4","ja3s":"67bfe5d15ae567fb35fd7837f0116eec"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317589.269502,"uid":"C4PcwN3FXMzeES6WF9","id_orig_h":"10.0.1.5","id_orig_p":61347,"id_resp_h":"40.90.137.124","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","curve":"x25519","server_name":"login.live.com","resumed":false,"next_protocol":"h2","established":true,"cert_chain_fuids":["FVVXsZ2zdL83MxinGb","FBRnd846yKZDmeL6Ui"],"client_cert_chain_fuids":[],"subject":"CN=login.live.com","issuer":"CN=Microsoft IT TLS CA 1,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"46230f46d25132fe6888a8120fb27b34772da606","ja3":"28a2c9bd18a11de089ef85a160da29e4","ja3s":"8415e777e0df6478fa9e17af0701002f"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317589.409654,"uid":"CJ4Hl5498LcDSB6fg2","id_orig_h":"10.0.1.5","id_orig_p":61348,"id_resp_h":"13.107.42.12","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp384r1","server_name":"d.docs.live.net","resumed":false,"next_protocol":"h2","established":true,"cert_chain_fuids":["Fltosc2X6ZGGQJ5iW2","FUuqFf4hee8GPZEztd"],"client_cert_chain_fuids":[],"subject":"CN=storage.live.com,OU=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=WA,C=US","issuer":"CN=Microsoft IT TLS CA 4,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"57ec78dd178129d9fb382329005efd3c472bf865","ja3":"28a2c9bd18a11de089ef85a160da29e4","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317589.495498,"uid":"CgJoZm1hGQlXy4B0Pk","id_orig_h":"10.0.1.5","id_orig_p":61349,"id_resp_h":"40.90.137.116","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"nexus.passport.com","resumed":false,"next_protocol":"h2","established":true,"cert_chain_fuids":["FUphWG3iIoS2pJrJp9","FiRIhy11skvANNywY3"],"client_cert_chain_fuids":[],"subject":"CN=login.live.com","issuer":"CN=Microsoft IT TLS CA 1,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"46230f46d25132fe6888a8120fb27b34772da606","ja3":"28a2c9bd18a11de089ef85a160da29e4","ja3s":"67bfe5d15ae567fb35fd7837f0116eec"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317589.510373,"uid":"CgGXNL278IqNoEoKW5","id_orig_h":"10.0.1.5","id_orig_p":61350,"id_resp_h":"40.90.137.124","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"secp256r1","server_name":"login.live.com","resumed":false,"next_protocol":"h2","established":true,"cert_chain_fuids":["Fw0xiN3lrXrq2ju7he","FPAh0SkmuStMxghB9"],"client_cert_chain_fuids":[],"subject":"CN=login.live.com","issuer":"CN=Microsoft IT TLS CA 1,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"46230f46d25132fe6888a8120fb27b34772da606","ja3":"28a2c9bd18a11de089ef85a160da29e4","ja3s":"67bfe5d15ae567fb35fd7837f0116eec"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317592.010646,"uid":"CColvn2pfn0aEt48va","id_orig_h":"10.0.1.5","id_orig_p":61352,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317592.18913,"uid":"CwuIqwuJ6x1bUtDre","id_orig_h":"10.0.1.5","id_orig_p":61353,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317596.046465,"uid":"CuUp3g3Fnzqmllnw7","id_orig_h":"10.0.1.5","id_orig_p":61354,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317596.234036,"uid":"CtfNMA1xiA2df6U2ma","id_orig_h":"10.0.1.5","id_orig_p":61355,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317599.783026,"uid":"Canjzq1wS1ML3jWQOj","id_orig_h":"10.0.1.5","id_orig_p":61356,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317602.110451,"uid":"CAjR9g4EY3cmKX4kcc","id_orig_h":"10.0.1.5","id_orig_p":61357,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317603.847616,"uid":"CBIOD64nbWxqes41Xj","id_orig_h":"10.0.1.5","id_orig_p":61358,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317606.143055,"uid":"CzB8aX2cV72HtFLfsc","id_orig_h":"10.0.1.5","id_orig_p":61359,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317609.88064,"uid":"C6oQo53Wzjtr65Bjqf","id_orig_h":"10.0.1.5","id_orig_p":61361,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317611.163211,"uid":"C0pLSq1p0lRXZPR7Pc","id_orig_h":"10.0.1.5","id_orig_p":61362,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317615.916633,"uid":"CotVQUSQ8IrZ4Llfg","id_orig_h":"10.0.1.5","id_orig_p":61364,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317617.199147,"uid":"CMvbirxkvx3I1ASR2","id_orig_h":"10.0.1.5","id_orig_p":61365,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317620.952528,"uid":"COxOQm3aYgCJ6mIeM9","id_orig_h":"10.0.1.5","id_orig_p":61366,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317622.235671,"uid":"CHHoe637tqYaDIjiS3","id_orig_h":"10.0.1.5","id_orig_p":61368,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317621.832919,"uid":"CZK96w2dHBQpLo2czi","id_orig_h":"10.0.1.5","id_orig_p":61367,"id_resp_h":"52.114.6.47","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","curve":"x25519","server_name":"self.events.data.microsoft.com","resumed":false,"established":true,"cert_chain_fuids":["FdnLty13tnYvBuoomj","FtEnl32lljVxHmfHL"],"client_cert_chain_fuids":[],"subject":"CN=*.events.data.microsoft.com","issuer":"CN=Microsoft IT TLS CA 4,OU=Microsoft IT,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US","validation_status":"ok","resp_certificate_sha1":"33b3b7e9da25f5a004e96387b6fb5477dbed27eb","ja3":"a0e9f5d64349fb13191bc781f81f42e1","ja3s":"986571066668055ae9481cb84fda634a"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317624.98691,"uid":"CYEfU2xfQWxM5UVbe","id_orig_h":"10.0.1.5","id_orig_p":61369,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317626.268458,"uid":"CzrAnm3bpOra5I9Fcd","id_orig_h":"10.0.1.5","id_orig_p":61370,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317630.023396,"uid":"CIp1kAF3PkPNrx2C3","id_orig_h":"10.0.1.5","id_orig_p":61371,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317632.305154,"uid":"CZkz9d1mfdvLxeUCQb","id_orig_h":"10.0.1.5","id_orig_p":61372,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317634.055827,"uid":"CmBFgR2OOmxAgZFQE8","id_orig_h":"10.0.1.5","id_orig_p":61373,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317636.338624,"uid":"C7OhLo3Nkd6nWE4tf4","id_orig_h":"10.0.1.5","id_orig_p":61374,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}
{"@stream":"ssl","@system":"test-nsm","@proc":"zeek","ts":1588317639.071145,"uid":"CFPHZ01qLX3fT9cK78","id_orig_h":"10.0.1.5","id_orig_p":61375,"id_resp_h":"192.168.0.4","id_resp_p":443,"version":"TLSv12","cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","resumed":true,"established":true,"ja3":"c12f54a3f91dc7bafd92cb59fe009a35","ja3s":"fd4bc6cea4877646ccd62f0792ec0b62"}