Common field names (credit goes to bro.org):

- ts - timestamp
- uid - unique id
- src_host - source hostname
- src_ip - source IP
- src_port - source port
- src_user - source user; could be the acting user
- dest_ip - destination IP (bro says dst_ip)
- dest_host - destination or target host name
- dest_port - destination port (bro says dst_port)
- dest_user - acted-upon user
- ip_proto - IP communication protocol, i.e. tcp, udp, icmp, etc.
- service - name of the service, i.e. DHCP, DNS, etc. (device_role - domain_controller, server, workstation, switch, firewall)
- duration - time
- orig_bytes - number of bytes, request bytes
- resp_bytes - response bytes
- conn_state - connection state
- local_orig -
- missed_bytes -
- history -
- orig_packets -
- orig_ip_bytes -
- resp_packets -
- resp_ip_bytes -
- tunnel_parents -
- orig_cc -
- resp_cc -
- sensorname -
- trans_depth -
- method - GET/PUT/POST
- host - host name
- uri - URI
- referrer -
- user_agent -
- request_body_len -
- response_body_len -
- status_code -
- status_msg -
- info_code -
- info_msg -
- filename -
- tags -
- username -
- password -
- proxied -
- orig_fuids -
- orig_mime_types -
- resp_fuids -
- resp_mime_types -
- facility - syslog facility
- severity -
- message -
- mac -
- remote_ip -
- connect_info -
- result -