-
Notifications
You must be signed in to change notification settings - Fork 374
/
sample_event.json
88 lines (88 loc) · 2.42 KB
/
sample_event.json
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
{
"@timestamp": "2021-11-23T18:13:18.348Z",
"agent": {
"ephemeral_id": "bd9fe1e0-a3cd-42b7-9b0b-e0946be0c276",
"id": "234cd698-ca4b-4fd7-8a3f-8617e423274a",
"name": "docker-fleet-agent",
"type": "filebeat",
"version": "8.11.0"
},
"cisco_meraki": {
"event_subtype": "ids_alerted",
"event_type": "security_event",
"security": {
"decision": "allowed",
"dhost": "D0-AB-D5-7B-43-73",
"priority": "1",
"signature": "1:29708:4"
}
},
"data_stream": {
"dataset": "cisco_meraki.log",
"namespace": "ep",
"type": "logs"
},
"destination": {
"ip": "10.0.3.162",
"port": 56391
},
"ecs": {
"version": "8.11.0"
},
"elastic_agent": {
"id": "234cd698-ca4b-4fd7-8a3f-8617e423274a",
"snapshot": false,
"version": "8.11.0"
},
"event": {
"action": "ids-signature-matched",
"agent_id_status": "verified",
"category": [
"network",
"intrusion_detection"
],
"dataset": "cisco_meraki.log",
"ingested": "2023-11-21T20:46:12Z",
"original": "<134>1 1637691198.348361125 MX84 security_event ids_alerted signature=1:29708:4 priority=1 timestamp=1637691198.330873 dhost=D0:AB:D5:7B:43:73 direction=ingress protocol=tcp/ip src=67.43.156.12:80 dst=10.0.3.162:56391 decision=allowed message: BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt detected",
"type": [
"info"
]
},
"input": {
"type": "udp"
},
"log": {
"source": {
"address": "192.168.160.4:52334"
}
},
"message": "BROWSER-IE Microsoft Internet Explorer CSS uninitialized object access attempt detected",
"network": {
"direction": "ingress",
"protocol": "tcp/ip"
},
"observer": {
"hostname": "MX84"
},
"source": {
"as": {
"number": 35908
},
"geo": {
"continent_name": "Asia",
"country_iso_code": "BT",
"country_name": "Bhutan",
"location": {
"lat": 27.5,
"lon": 90.5
}
},
"ip": "67.43.156.12",
"port": 80
},
"tags": [
"preserve_original_event",
"cisco-meraki",
"forwarded"
]
}