eve-dns-4.1.4.log-expected.json
[
{
"@timestamp": "2019-08-22T23:48:27.924Z",
"destination.address": "10.0.2.3",
"destination.ip": "10.0.2.3",
"destination.port": 53,
"dns.id": "51803",
"dns.question.name": "google.com",
"dns.question.registered_domain": "google.com",
"dns.question.type": "A",
"dns.type": "query",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-22T23:48:27.924120+0000\",\"flow_id\":885455453886936,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":46686,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":51803,\"rrname\":\"google.com\",\"rrtype\":\"A\",\"tx_id\":0}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 0,
"network.community_id": "1:HActqwgIaYeC8fc4sfMGrL8jjaI=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.15",
"source.ip": "10.0.2.15",
"source.port": 46686,
"suricata.eve.dns.id": 51803,
"suricata.eve.dns.rrname": "google.com",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.tx_id": 0,
"suricata.eve.dns.type": "query",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 885455453886936,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-22T23:48:27.924Z",
"destination.address": "10.0.2.3",
"destination.ip": "10.0.2.3",
"destination.port": 53,
"dns.id": "39523",
"dns.question.name": "google.com",
"dns.question.registered_domain": "google.com",
"dns.question.type": "AAAA",
"dns.type": "query",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-22T23:48:27.924282+0000\",\"flow_id\":1418448010418810,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":36993,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":39523,\"rrname\":\"google.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 280,
"network.community_id": "1:Z5dwZB2hQ1ZuxC+6Jw04VtuJ1lw=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.15",
"source.ip": "10.0.2.15",
"source.port": 36993,
"suricata.eve.dns.id": 39523,
"suricata.eve.dns.rrname": "google.com",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.tx_id": 0,
"suricata.eve.dns.type": "query",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 1418448010418810,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-22T23:48:27.950Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 36993,
"dns.answers": [
{
"data": "2607:f8b0:4006:0805:0000:0000:0000:200e",
"name": "google.com",
"ttl": 272,
"type": "AAAA"
}
],
"dns.header_flags": [
"RD",
"RA"
],
"dns.id": "39523",
"dns.question.name": "google.com",
"dns.question.registered_domain": "google.com",
"dns.question.type": "AAAA",
"dns.resolved_ip": [
"2607:f8b0:4006:0805:0000:0000:0000:200e"
],
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-22T23:48:27.950946+0000\",\"flow_id\":1418448010418810,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":36993,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":39523,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"google.com\",\"rrtype\":\"AAAA\",\"answers\":[{\"rrname\":\"google.com\",\"rrtype\":\"AAAA\",\"ttl\":272,\"rdata\":\"2607:f8b0:4006:0805:0000:0000:0000:200e\"}],\"grouped\":{\"AAAA\":[\"2607:f8b0:4006:0805:0000:0000:0000:200e\"]}}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 564,
"network.community_id": "1:Z5dwZB2hQ1ZuxC+6Jw04VtuJ1lw=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 39523,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rrname": "google.com",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 1418448010418810,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-22T23:48:27.957Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 46686,
"dns.answers": [
{
"data": "172.217.11.46",
"name": "google.com",
"ttl": 299,
"type": "A"
}
],
"dns.header_flags": [
"RD",
"RA"
],
"dns.id": "51803",
"dns.question.name": "google.com",
"dns.question.registered_domain": "google.com",
"dns.question.type": "A",
"dns.resolved_ip": [
"172.217.11.46"
],
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-22T23:48:27.957906+0000\",\"flow_id\":885455453886936,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":46686,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":51803,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"google.com\",\"rrtype\":\"A\",\"answers\":[{\"rrname\":\"google.com\",\"rrtype\":\"A\",\"ttl\":299,\"rdata\":\"172.217.11.46\"}],\"grouped\":{\"A\":[\"172.217.11.46\"]}}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 1089,
"network.community_id": "1:HActqwgIaYeC8fc4sfMGrL8jjaI=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 51803,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rrname": "google.com",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 885455453886936,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-22T23:48:48.839Z",
"destination.address": "10.0.2.3",
"destination.ip": "10.0.2.3",
"destination.port": 53,
"dns.id": "60273",
"dns.question.name": "www.elastic.co",
"dns.question.registered_domain": "elastic.co",
"dns.question.type": "A",
"dns.type": "query",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-22T23:48:48.839495+0000\",\"flow_id\":40074894954311,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":50720,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":60273,\"rrname\":\"www.elastic.co\",\"rrtype\":\"A\",\"tx_id\":0}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 1552,
"network.community_id": "1:vfjW/QLkaS6+iMbv/HRuEOgqA4o=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.15",
"source.ip": "10.0.2.15",
"source.port": 50720,
"suricata.eve.dns.id": 60273,
"suricata.eve.dns.rrname": "www.elastic.co",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.tx_id": 0,
"suricata.eve.dns.type": "query",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 40074894954311,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-22T23:48:48.839Z",
"destination.address": "10.0.2.3",
"destination.ip": "10.0.2.3",
"destination.port": 53,
"dns.id": "4210",
"dns.question.name": "www.elastic.co",
"dns.question.registered_domain": "elastic.co",
"dns.question.type": "AAAA",
"dns.type": "query",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-22T23:48:48.839714+0000\",\"flow_id\":2130691028471842,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":41979,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":4210,\"rrname\":\"www.elastic.co\",\"rrtype\":\"AAAA\",\"tx_id\":0}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 1835,
"network.community_id": "1:SDBTqhsjpXwQyrvRX6xpeEaMsAg=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.15",
"source.ip": "10.0.2.15",
"source.port": 41979,
"suricata.eve.dns.id": 4210,
"suricata.eve.dns.rrname": "www.elastic.co",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.tx_id": 0,
"suricata.eve.dns.type": "query",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 2130691028471842,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-22T23:48:48.901Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 50720,
"dns.answers": [
{
"data": "dualstack.r2.shared.global.fastly.net",
"name": "www.elastic.co",
"ttl": 270,
"type": "CNAME"
},
{
"data": "151.101.130.217",
"name": "dualstack.r2.shared.global.fastly.net",
"ttl": 29,
"type": "A"
},
{
"data": "151.101.194.217",
"name": "dualstack.r2.shared.global.fastly.net",
"ttl": 29,
"type": "A"
},
{
"data": "151.101.2.217",
"name": "dualstack.r2.shared.global.fastly.net",
"ttl": 29,
"type": "A"
},
{
"data": "151.101.66.217",
"name": "dualstack.r2.shared.global.fastly.net",
"ttl": 29,
"type": "A"
}
],
"dns.header_flags": [
"RD",
"RA"
],
"dns.id": "60273",
"dns.question.name": "www.elastic.co",
"dns.question.registered_domain": "elastic.co",
"dns.question.type": "A",
"dns.resolved_ip": [
"151.101.130.217",
"151.101.194.217",
"151.101.2.217",
"151.101.66.217"
],
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-22T23:48:48.901548+0000\",\"flow_id\":40074894954311,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":50720,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":60273,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.elastic.co\",\"rrtype\":\"A\",\"answers\":[{\"rrname\":\"www.elastic.co\",\"rrtype\":\"CNAME\",\"ttl\":270,\"rdata\":\"dualstack.r2.shared.global.fastly.net\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.130.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.194.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.2.217\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"A\",\"ttl\":29,\"rdata\":\"151.101.66.217\"}],\"grouped\":{\"A\":[\"151.101.130.217\",\"151.101.194.217\",\"151.101.2.217\",\"151.101.66.217\"],\"CNAME\":[\"dualstack.r2.shared.global.fastly.net\"]}}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 2122,
"network.community_id": "1:vfjW/QLkaS6+iMbv/HRuEOgqA4o=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 60273,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rrname": "www.elastic.co",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 40074894954311,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-22T23:48:48.902Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 41979,
"dns.answers": [
{
"data": "dualstack.r2.shared.global.fastly.net",
"name": "www.elastic.co",
"ttl": 299,
"type": "CNAME"
},
{
"data": "2a04:4e42:0600:0000:0000:0000:0000:0729",
"name": "dualstack.r2.shared.global.fastly.net",
"ttl": 29,
"type": "AAAA"
},
{
"data": "2a04:4e42:0000:0000:0000:0000:0000:0729",
"name": "dualstack.r2.shared.global.fastly.net",
"ttl": 29,
"type": "AAAA"
},
{
"data": "2a04:4e42:0200:0000:0000:0000:0000:0729",
"name": "dualstack.r2.shared.global.fastly.net",
"ttl": 29,
"type": "AAAA"
},
{
"data": "2a04:4e42:0400:0000:0000:0000:0000:0729",
"name": "dualstack.r2.shared.global.fastly.net",
"ttl": 29,
"type": "AAAA"
}
],
"dns.header_flags": [
"RD",
"RA"
],
"dns.id": "4210",
"dns.question.name": "www.elastic.co",
"dns.question.registered_domain": "elastic.co",
"dns.question.type": "AAAA",
"dns.resolved_ip": [
"2a04:4e42:0600:0000:0000:0000:0000:0729",
"2a04:4e42:0000:0000:0000:0000:0000:0729",
"2a04:4e42:0200:0000:0000:0000:0000:0729",
"2a04:4e42:0400:0000:0000:0000:0000:0729"
],
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-22T23:48:48.902685+0000\",\"flow_id\":2130691028471842,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":41979,\"proto\":\"UDP\",\"dns\":{\"version\":2,\"type\":\"answer\",\"id\":4210,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.elastic.co\",\"rrtype\":\"AAAA\",\"answers\":[{\"rrname\":\"www.elastic.co\",\"rrtype\":\"CNAME\",\"ttl\":299,\"rdata\":\"dualstack.r2.shared.global.fastly.net\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0600:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0000:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0200:0000:0000:0000:0000:0729\"},{\"rrname\":\"dualstack.r2.shared.global.fastly.net\",\"rrtype\":\"AAAA\",\"ttl\":29,\"rdata\":\"2a04:4e42:0400:0000:0000:0000:0000:0729\"}],\"grouped\":{\"AAAA\":[\"2a04:4e42:0600:0000:0000:0000:0000:0729\",\"2a04:4e42:0000:0000:0000:0000:0000:0729\",\"2a04:4e42:0200:0000:0000:0000:0000:0729\",\"2a04:4e42:0400:0000:0000:0000:0000:0729\"],\"CNAME\":[\"dualstack.r2.shared.global.fastly.net\"]}}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 3116,
"network.community_id": "1:SDBTqhsjpXwQyrvRX6xpeEaMsAg=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 4210,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rrname": "www.elastic.co",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 2130691028471842,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.812Z",
"destination.address": "10.0.2.3",
"destination.ip": "10.0.2.3",
"destination.port": 53,
"dns.id": "28329",
"dns.question.name": "www.yahoo.com",
"dns.question.registered_domain": "yahoo.com",
"dns.question.type": "A",
"dns.type": "query",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.812655+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":44773,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":28329,\"rrname\":\"www.yahoo.com\",\"rrtype\":\"A\",\"tx_id\":0}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 4327,
"network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.15",
"source.ip": "10.0.2.15",
"source.port": 44773,
"suricata.eve.dns.id": 28329,
"suricata.eve.dns.rrname": "www.yahoo.com",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.tx_id": 0,
"suricata.eve.dns.type": "query",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 814378410010223,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.812Z",
"destination.address": "10.0.2.3",
"destination.ip": "10.0.2.3",
"destination.port": 53,
"dns.id": "7050",
"dns.question.name": "www.yahoo.com",
"dns.question.registered_domain": "yahoo.com",
"dns.question.type": "AAAA",
"dns.type": "query",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.812828+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":55246,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":7050,\"rrname\":\"www.yahoo.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 4610,
"network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.15",
"source.ip": "10.0.2.15",
"source.port": 55246,
"suricata.eve.dns.id": 7050,
"suricata.eve.dns.rrname": "www.yahoo.com",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.tx_id": 0,
"suricata.eve.dns.type": "query",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 1887239765714716,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.846Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 44773,
"dns.answers": [
{
"data": "atsv2-fp-shed.wg1.b.yahoo.com",
"name": "www.yahoo.com",
"ttl": 1315,
"type": "CNAME"
}
],
"dns.id": "28329",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.yahoo.com\",\"rrtype\":\"CNAME\",\"ttl\":1315,\"rdata\":\"atsv2-fp-shed.wg1.b.yahoo.com\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 4896,
"network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 28329,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrname": "www.yahoo.com",
"suricata.eve.dns.rrtype": "CNAME",
"suricata.eve.dns.ttl": 1315,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 814378410010223,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.846Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 44773,
"dns.answers": [
{
"data": "98.138.219.232",
"name": "atsv2-fp-shed.wg1.b.yahoo.com",
"ttl": 15,
"type": "A"
}
],
"dns.id": "28329",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"A\",\"ttl\":15,\"rdata\":\"98.138.219.232\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 5288,
"network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 28329,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "98.138.219.232",
"suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.ttl": 15,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 814378410010223,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.846Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 44773,
"dns.answers": [
{
"data": "98.138.219.231",
"name": "atsv2-fp-shed.wg1.b.yahoo.com",
"ttl": 15,
"type": "A"
}
],
"dns.id": "28329",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"A\",\"ttl\":15,\"rdata\":\"98.138.219.231\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 5675,
"network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 28329,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "98.138.219.231",
"suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.ttl": 15,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 814378410010223,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.846Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 44773,
"dns.answers": [
{
"data": "72.30.35.10",
"name": "atsv2-fp-shed.wg1.b.yahoo.com",
"ttl": 15,
"type": "A"
}
],
"dns.id": "28329",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"A\",\"ttl\":15,\"rdata\":\"72.30.35.10\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 6062,
"network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 28329,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "72.30.35.10",
"suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.ttl": 15,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 814378410010223,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.846Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 44773,
"dns.answers": [
{
"data": "72.30.35.9",
"name": "atsv2-fp-shed.wg1.b.yahoo.com",
"ttl": 15,
"type": "A"
}
],
"dns.id": "28329",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.846575+0000\",\"flow_id\":814378410010223,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":44773,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":28329,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"A\",\"ttl\":15,\"rdata\":\"72.30.35.9\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 6446,
"network.community_id": "1:O4Lt3gevExgYQL5MQJq7vgssBrQ=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 28329,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "72.30.35.9",
"suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.ttl": 15,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 814378410010223,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.847Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 55246,
"dns.answers": [
{
"data": "atsv2-fp-shed.wg1.b.yahoo.com",
"name": "www.yahoo.com",
"ttl": 1268,
"type": "CNAME"
}
],
"dns.id": "7050",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"www.yahoo.com\",\"rrtype\":\"CNAME\",\"ttl\":1268,\"rdata\":\"atsv2-fp-shed.wg1.b.yahoo.com\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 6829,
"network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 7050,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrname": "www.yahoo.com",
"suricata.eve.dns.rrtype": "CNAME",
"suricata.eve.dns.ttl": 1268,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 1887239765714716,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.847Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 55246,
"dns.answers": [
{
"data": "2001:4998:0058:1836:0000:0000:0000:0010",
"name": "atsv2-fp-shed.wg1.b.yahoo.com",
"ttl": 53,
"type": "AAAA"
}
],
"dns.id": "7050",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"AAAA\",\"ttl\":53,\"rdata\":\"2001:4998:0058:1836:0000:0000:0000:0010\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 7221,
"network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 7050,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "2001:4998:0058:1836:0000:0000:0000:0010",
"suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.ttl": 53,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 1887239765714716,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.847Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 55246,
"dns.answers": [
{
"data": "2001:4998:0044:041d:0000:0000:0000:0003",
"name": "atsv2-fp-shed.wg1.b.yahoo.com",
"ttl": 53,
"type": "AAAA"
}
],
"dns.id": "7050",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"AAAA\",\"ttl\":53,\"rdata\":\"2001:4998:0044:041d:0000:0000:0000:0003\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 7636,
"network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 7050,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "2001:4998:0044:041d:0000:0000:0000:0003",
"suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.ttl": 53,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 1887239765714716,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.847Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 55246,
"dns.answers": [
{
"data": "2001:4998:0058:1836:0000:0000:0000:0011",
"name": "atsv2-fp-shed.wg1.b.yahoo.com",
"ttl": 53,
"type": "AAAA"
}
],
"dns.id": "7050",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"AAAA\",\"ttl\":53,\"rdata\":\"2001:4998:0058:1836:0000:0000:0000:0011\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 8051,
"network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 7050,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "2001:4998:0058:1836:0000:0000:0000:0011",
"suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.ttl": 53,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 1887239765714716,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T01:22:31.847Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 55246,
"dns.answers": [
{
"data": "2001:4998:0044:041d:0000:0000:0000:0004",
"name": "atsv2-fp-shed.wg1.b.yahoo.com",
"ttl": 53,
"type": "AAAA"
}
],
"dns.id": "7050",
"dns.response_code": "NOERROR",
"dns.type": "answer",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T01:22:31.847379+0000\",\"flow_id\":1887239765714716,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.3\",\"src_port\":53,\"dest_ip\":\"10.0.2.15\",\"dest_port\":55246,\"proto\":\"UDP\",\"dns\":{\"type\":\"answer\",\"id\":7050,\"flags\":\"8180\",\"qr\":true,\"rd\":true,\"ra\":true,\"rcode\":\"NOERROR\",\"rrname\":\"atsv2-fp-shed.wg1.b.yahoo.com\",\"rrtype\":\"AAAA\",\"ttl\":53,\"rdata\":\"2001:4998:0044:041d:0000:0000:0000:0004\"}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 8466,
"network.community_id": "1:NKecJMP5cHplk+fr2uNww69SdWg=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.3",
"source.ip": "10.0.2.3",
"source.port": 53,
"suricata.eve.dns.id": 7050,
"suricata.eve.dns.rcode": "NOERROR",
"suricata.eve.dns.rdata": "2001:4998:0044:041d:0000:0000:0000:0004",
"suricata.eve.dns.rrname": "atsv2-fp-shed.wg1.b.yahoo.com",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.ttl": 53,
"suricata.eve.dns.type": "answer",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 1887239765714716,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T02:03:36.578Z",
"destination.address": "10.0.2.3",
"destination.ip": "10.0.2.3",
"destination.port": 53,
"dns.id": "9104",
"dns.question.name": "www.elastic.co",
"dns.question.registered_domain": "elastic.co",
"dns.question.type": "A",
"dns.type": "query",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T02:03:36.578089+0000\",\"flow_id\":2181951993205289,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":48288,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":9104,\"rrname\":\"www.elastic.co\",\"rrtype\":\"A\",\"tx_id\":0}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 8881,
"network.community_id": "1:zh0UVYktuWGDSL+4ROPa1CTtEPE=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.15",
"source.ip": "10.0.2.15",
"source.port": 48288,
"suricata.eve.dns.id": 9104,
"suricata.eve.dns.rrname": "www.elastic.co",
"suricata.eve.dns.rrtype": "A",
"suricata.eve.dns.tx_id": 0,
"suricata.eve.dns.type": "query",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 2181951993205289,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T02:03:36.578Z",
"destination.address": "10.0.2.3",
"destination.ip": "10.0.2.3",
"destination.port": 53,
"dns.id": "12859",
"dns.question.name": "www.elastic.co",
"dns.question.registered_domain": "elastic.co",
"dns.question.type": "AAAA",
"dns.type": "query",
"event.category": "network_traffic",
"event.dataset": "suricata.eve",
"event.kind": "event",
"event.module": "suricata",
"event.original": "{\"timestamp\":\"2019-08-23T02:03:36.578262+0000\",\"flow_id\":928596784370390,\"in_iface\":\"enp0s3\",\"event_type\":\"dns\",\"src_ip\":\"10.0.2.15\",\"src_port\":59203,\"dest_ip\":\"10.0.2.3\",\"dest_port\":53,\"proto\":\"UDP\",\"dns\":{\"type\":\"query\",\"id\":12859,\"rrname\":\"www.elastic.co\",\"rrtype\":\"AAAA\",\"tx_id\":0}}",
"fileset.name": "eve",
"input.type": "log",
"log.offset": 9165,
"network.community_id": "1:fuLDtU46PU3PHindOSCj0JKYUaA=",
"network.transport": "udp",
"service.type": "suricata",
"source.address": "10.0.2.15",
"source.ip": "10.0.2.15",
"source.port": 59203,
"suricata.eve.dns.id": 12859,
"suricata.eve.dns.rrname": "www.elastic.co",
"suricata.eve.dns.rrtype": "AAAA",
"suricata.eve.dns.tx_id": 0,
"suricata.eve.dns.type": "query",
"suricata.eve.event_type": "dns",
"suricata.eve.flow_id": 928596784370390,
"suricata.eve.in_iface": "enp0s3",
"tags": [
"suricata"
]
},
{
"@timestamp": "2019-08-23T02:03:36.619Z",
"destination.address": "10.0.2.15",
"destination.ip": "10.0.2.15",
"destination.port": 48288,
"dns.answers": [
{
"data": "dualstack.r2.shared.global.fastly.net",
"name": "www.elastic.co",