http://git-wip-us.apache.org/repos/asf/metron/blob/8bf3b6ec/metron-interface/metron-alerts/cypress/fixtures/search.json
----------------------------------------------------------------------
diff --git a/metron-interface/metron-alerts/cypress/fixtures/search.json b/metron-interface/metron-alerts/cypress/fixtures/search.json
new file mode 100644
index 0000000..e2e03e4
--- /dev/null
+++ b/metron-interface/metron-alerts/cypress/fixtures/search.json
@@ -0,0 +1,5647 @@
+{
+ "total":104593,
+ "results":[
+ {
+ "id":"ad5cc7ea-5954-479f-8589-51f94b1c2f02",
+ "source":{
+ "average":10.0,
+ "max":10.0,
+ "metron_alert":[
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537279364136",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537279364122",
+ "enrichmentjoinbolt:joiner:ts":"1537279364128",
+ "adapter:geoadapter:begin:ts":"1537279364125",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537279364133",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-14:02:39.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537279364125",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537279364125",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537279364130",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537279359000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537279364122",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537279364125",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537279364130",
+ "adapter:threatinteladapter:begin:ts":"1537279364133",
+ "tcpflags":"***A**S*",
+ "guid":"c6843745-203c-49e1-80ad-f060eb88c9b1",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537280091506",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537280091491",
+ "enrichmentjoinbolt:joiner:ts":"1537280091498",
+ "adapter:geoadapter:begin:ts":"1537280091493",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537280091503",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-14:14:47.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537280091493",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537280091493",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537280091501",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537280087000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537280091491",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537280091493",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"40960",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537280091501",
+ "adapter:threatinteladapter:begin:ts":"1537280091503",
+ "tcpflags":"***A****",
+ "guid":"f6521c0a-7aa9-4fc2-82ef-34c647d793f4",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537280221040",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537280221027",
+ "enrichmentjoinbolt:joiner:ts":"1537280221031",
+ "adapter:geoadapter:begin:ts":"1537280221029",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537280221037",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-14:16:56.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537280221029",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537280221029",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537280221035",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537280216000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537280221027",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537280221029",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537280221035",
+ "adapter:threatinteladapter:begin:ts":"1537280221037",
+ "tcpflags":"***A**S*",
+ "guid":"4b1a23db-8040-4639-88ae-83294d45921e",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537280908414",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537280908400",
+ "enrichmentjoinbolt:joiner:ts":"1537280908405",
+ "adapter:geoadapter:begin:ts":"1537280908403",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537280908411",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-14:28:27.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537280908402",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537280908403",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537280908407",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537280907000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537280908400",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537280908402",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"40960",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537280908407",
+ "adapter:threatinteladapter:begin:ts":"1537280908411",
+ "tcpflags":"***A****",
+ "guid":"7f8babb8-72d6-4823-824a-0d57035bdfff",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537284816200",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537284816186",
+ "enrichmentjoinbolt:joiner:ts":"1537284816191",
+ "adapter:geoadapter:begin:ts":"1537284816188",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537284816198",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-15:33:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537284816188",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537284816189",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537284816194",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537284815000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537284816186",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537284816188",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"40960",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537284816194",
+ "adapter:threatinteladapter:begin:ts":"1537284816196",
+ "tcpflags":"***A****",
+ "guid":"007a98c7-4301-44e1-b80d-a35cf5a88019",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537285796807",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537285796794",
+ "enrichmentjoinbolt:joiner:ts":"1537285796799",
+ "adapter:geoadapter:begin:ts":"1537285796796",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537285796804",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-15:49:52.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537285796796",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537285796796",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537285796802",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537285792000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537285796794",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537285796796",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537285796802",
+ "adapter:threatinteladapter:begin:ts":"1537285796804",
+ "tcpflags":"***A**S*",
+ "guid":"337b657f-9c48-45a2-b356-0ab08de9f549",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537296522470",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537295997966",
+ "enrichmentjoinbolt:joiner:ts":"1537295997971",
+ "adapter:geoadapter:begin:ts":"1537295997968",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537296522293",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-18:39:53.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537295997968",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537295997968",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537295997973",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537295993000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537295997966",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537295997968",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537295997973",
+ "adapter:threatinteladapter:begin:ts":"1537296522293",
+ "tcpflags":"***A**S*",
+ "guid":"0517c267-f7c9-409a-8b8f-40d95254eb2d",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537296937969",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537296937958",
+ "enrichmentjoinbolt:joiner:ts":"1537296937963",
+ "adapter:geoadapter:begin:ts":"1537296937960",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537296937967",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-18:55:33.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537296937960",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537296937960",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537296937965",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537296933000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537296937958",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537296937960",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"40960",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537296937965",
+ "adapter:threatinteladapter:begin:ts":"1537296937967",
+ "tcpflags":"***A****",
+ "guid":"f2a6c42c-ec04-4e8e-ae8d-29a7a642b8be",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537297658265",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537297658252",
+ "enrichmentjoinbolt:joiner:ts":"1537297658256",
+ "adapter:geoadapter:begin:ts":"1537297658254",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537297658261",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-19:07:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537297658254",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537297658254",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537297658259",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537297657000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537297658252",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537297658254",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537297658259",
+ "adapter:threatinteladapter:begin:ts":"1537297658261",
+ "tcpflags":"***A**S*",
+ "guid":"2f34effe-93dc-41d4-aa04-920c89982f9c",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537297780829",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537297780818",
+ "enrichmentjoinbolt:joiner:ts":"1537297780822",
+ "adapter:geoadapter:begin:ts":"1537297780820",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537297780827",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-19:09:35.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537297780820",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537297780820",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537297780825",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537297775000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537297780818",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537297780820",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537297780825",
+ "adapter:threatinteladapter:begin:ts":"1537297780827",
+ "tcpflags":"***A**S*",
+ "guid":"bbbbdb93-fbef-4479-b018-02b92cc88103",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537298899732",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537298899713",
+ "enrichmentjoinbolt:joiner:ts":"1537298899718",
+ "adapter:geoadapter:begin:ts":"1537298899716",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537298899729",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-19:28:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537298899716",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537298899716",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537298899720",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537298898000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537298899713",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537298899716",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537298899720",
+ "adapter:threatinteladapter:begin:ts":"1537298899722",
+ "tcpflags":"***A**S*",
+ "guid":"5e42b3f7-5baf-48f6-b596-4db3e5e5f30b",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537299378075",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537299378057",
+ "enrichmentjoinbolt:joiner:ts":"1537299378062",
+ "adapter:geoadapter:begin:ts":"1537299378059",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537299378072",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-19:36:17.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537299378059",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537299378059",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537299378066",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537299377000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537299378057",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537299378059",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"40960",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537299378066",
+ "adapter:threatinteladapter:begin:ts":"1537299378072",
+ "tcpflags":"***A****",
+ "guid":"d6df0c6a-9e7c-41c9-8ee6-38681225a38c",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537300647845",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537300647833",
+ "enrichmentjoinbolt:joiner:ts":"1537300647837",
+ "adapter:geoadapter:begin:ts":"1537300647834",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537300647842",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-19:57:26.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537300647834",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537300647834",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537300647839",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537300646000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537300647833",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537300647834",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537300647839",
+ "adapter:threatinteladapter:begin:ts":"1537300647842",
+ "tcpflags":"***A**S*",
+ "guid":"2f45a7f0-9771-49c3-8eba-bd1f8af8174f",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537301518165",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BC",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"44",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537301518147",
+ "enrichmentjoinbolt:joiner:ts":"1537301518158",
+ "adapter:geoadapter:begin:ts":"1537301518149",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C98B4",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537301518163",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-20:11:57.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537301518149",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537301518149",
+ "id":"1899",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537301518160",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537301517000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537301518147",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537301518149",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"45056",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537301518160",
+ "adapter:threatinteladapter:begin:ts":"1537301518163",
+ "tcpflags":"***A**S*",
+ "guid":"0dd2ce0a-62aa-4800-a7de-ad56d0ed2f41",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537304529055",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537304529042",
+ "enrichmentjoinbolt:joiner:ts":"1537304529048",
+ "adapter:geoadapter:begin:ts":"1537304529045",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537304529053",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-21:02:04.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537304529045",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537304529045",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537304529050",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537304524000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537304529042",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537304529045",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"40960",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537304529050",
+ "adapter:threatinteladapter:begin:ts":"1537304529053",
+ "tcpflags":"***A****",
+ "guid":"13760f67-1412-4463-8de3-a74def82c6ed",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537277777169",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537277777156",
+ "enrichmentjoinbolt:joiner:ts":"1537277777161",
+ "adapter:geoadapter:begin:ts":"1537277777158",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537277777165",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-13:36:15.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537277777158",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537277777158",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537277777163",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537277775000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537277777156",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537277777158",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"40960",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537277777162",
+ "adapter:threatinteladapter:begin:ts":"1537277777165",
+ "tcpflags":"***A****",
+ "guid":"32c60f70-7a76-4d7b-a943-939a6cea9a3f",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537277957306",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537277957293",
+ "enrichmentjoinbolt:joiner:ts":"1537277957299",
+ "adapter:geoadapter:begin:ts":"1537277957296",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537277957303",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-13:39:16.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537277957296",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537277957296",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ "threatintelsplitterbolt:splitter:end:ts":"1537277957301",
+ "threat:triage:rules:0:score":10,
+ "timestamp":1537277956000,
+ "ethdst":"00:00:00:00:00:00",
+ "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002",
+ "threat:triage:rules:0:reason":null,
+ "enrichmentsplitterbolt:splitter:end:ts":"1537277957293",
+ "threat:triage:score":10.0,
+ "is_alert":"true",
+ "adapter:hostfromjsonlistadapter:begin:ts":"1537277957296",
+ "enrichments:geo:ip_src_addr:country":"FR",
+ "ttl":"128",
+ "metaalerts":[
+ "ad5cc7ea-5954-479f-8589-51f94b1c2f02"
+ ],
+ "ethlen":"0x3C",
+ "iplen":"40960",
+ "ip_src_port":"80",
+ "threatintelsplitterbolt:splitter:begin:ts":"1537277957301",
+ "adapter:threatinteladapter:begin:ts":"1537277957303",
+ "tcpflags":"***A****",
+ "guid":"7dcf592a-d562-4ac6-92e7-aaea2ee14417",
+ "sig_id":"999158",
+ "sig_generator":"1"
+ },
+ {
+ "msg":"'snort test alert'",
+ "sig_rev":"0",
+ "ip_dst_port":"49195",
+ "threatinteljoinbolt:joiner:ts":"1537277957306",
+ "ethsrc":"00:00:00:00:00:00",
+ "threat:triage:rules:0:comment":null,
+ "tcpseq":"0xC88832BD",
+ "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002",
+ "dgmlen":"40",
+ "enrichmentsplitterbolt:splitter:begin:ts":"1537277957293",
+ "enrichmentjoinbolt:joiner:ts":"1537277957299",
+ "adapter:geoadapter:begin:ts":"1537277957296",
+ "tcpwindow":"0xFAF0",
+ "threat:triage:rules:0:name":null,
+ "tcpack":"0x522C999D",
+ "protocol":"TCP",
+ "source:type":"snort",
+ "adapter:threatinteladapter:end:ts":"1537277957303",
+ "ip_dst_addr":"192.168.138.158",
+ "original_string":"09/18/18-13:39:16.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,",
+ "adapter:hostfromjsonlistadapter:end:ts":"1537277957296",
+ "tos":"0",
+ "adapter:geoadapter:end:ts":"1537277957296",
+ "id":"1900",
+ "enrichments:geo:ip_src_addr:latitude":"48.8582",
+ "ip_src_addr":"188.165.164.184",
+ 
"threatintelsplitterbolt:splitter:end:ts":"1537277957301", + "threat:triage:rules:0:score":10, + "timestamp":1537277956000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537277957293", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537277957296", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"40960", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537277957301", + "adapter:threatinteladapter:begin:ts":"1537277957303", + "tcpflags":"***A****", + "guid":"ebe214d5-a0ee-485e-bf39-78e8afde9711", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537281281274", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BD", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"40", + "enrichmentsplitterbolt:splitter:begin:ts":"1537281281256", + "enrichmentjoinbolt:joiner:ts":"1537281281261", + "adapter:geoadapter:begin:ts":"1537281281258", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C999D", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537281281273", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-14:34:37.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537281281258", + "tos":"0", + "adapter:geoadapter:end:ts":"1537281281258", + "id":"1900", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + 
"ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537281281263", + "threat:triage:rules:0:score":10, + "timestamp":1537281277000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537281281256", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537281281258", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"40960", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537281281263", + "adapter:threatinteladapter:begin:ts":"1537281281266", + "tcpflags":"***A****", + "guid":"f4d8a573-e957-4c22-b4e1-b9c657cd911d", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537281652539", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BC", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"44", + "enrichmentsplitterbolt:splitter:begin:ts":"1537281652526", + "enrichmentjoinbolt:joiner:ts":"1537281652532", + "adapter:geoadapter:begin:ts":"1537281652530", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C98B4", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537281652536", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-14:40:51.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537281652529", + "tos":"0", + "adapter:geoadapter:end:ts":"1537281652530", + "id":"1899", + 
"enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537281652534", + "threat:triage:rules:0:score":10, + "timestamp":1537281651000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537281652526", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537281652529", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"45056", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537281652534", + "adapter:threatinteladapter:begin:ts":"1537281652536", + "tcpflags":"***A**S*", + "guid":"c4f85a6b-0ebf-4e89-b212-5e0567788f03", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537281947945", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BD", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"40", + "enrichmentsplitterbolt:splitter:begin:ts":"1537281947925", + "enrichmentjoinbolt:joiner:ts":"1537281947930", + "adapter:geoadapter:begin:ts":"1537281947927", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C999D", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537281947942", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-14:45:43.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537281947927", + "tos":"0", + "adapter:geoadapter:end:ts":"1537281947928", + 
"id":"1900", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537281947932", + "threat:triage:rules:0:score":10, + "timestamp":1537281943000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537281947925", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537281947927", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"40960", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537281947932", + "adapter:threatinteladapter:begin:ts":"1537281947935", + "tcpflags":"***A****", + "guid":"c507d367-4556-41b9-8975-6cfc52b83545", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537282850352", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BC", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"44", + "enrichmentsplitterbolt:splitter:begin:ts":"1537282850310", + "enrichmentjoinbolt:joiner:ts":"1537282850315", + "adapter:geoadapter:begin:ts":"1537282850312", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C98B4", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537282850350", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-15:00:45.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537282850312", + "tos":"0", + 
"adapter:geoadapter:end:ts":"1537282850313", + "id":"1899", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537282850317", + "threat:triage:rules:0:score":10, + "timestamp":1537282845000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537282850310", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537282850312", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"45056", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537282850317", + "adapter:threatinteladapter:begin:ts":"1537282850350", + "tcpflags":"***A**S*", + "guid":"78cb2af0-6056-464b-a94a-7d4ccedcc269", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537283450157", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BC", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"44", + "enrichmentsplitterbolt:splitter:begin:ts":"1537283450144", + "enrichmentjoinbolt:joiner:ts":"1537283450150", + "adapter:geoadapter:begin:ts":"1537283450147", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C98B4", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537283450156", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-15:10:46.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537283450147", 
+ "tos":"0", + "adapter:geoadapter:end:ts":"1537283450147", + "id":"1899", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537283450153", + "threat:triage:rules:0:score":10, + "timestamp":1537283446000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537283450144", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537283450147", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"45056", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537283450153", + "adapter:threatinteladapter:begin:ts":"1537283450156", + "tcpflags":"***A**S*", + "guid":"67e7927d-bf35-4506-9ce5-8236aea37417", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537296522491", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BD", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"40", + "enrichmentsplitterbolt:splitter:begin:ts":"1537296158983", + "enrichmentjoinbolt:joiner:ts":"1537296158988", + "adapter:geoadapter:begin:ts":"1537296158985", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C999D", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537296522299", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-18:42:34.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", + 
"adapter:hostfromjsonlistadapter:end:ts":"1537296158985", + "tos":"0", + "adapter:geoadapter:end:ts":"1537296158985", + "id":"1900", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537296158990", + "threat:triage:rules:0:score":10, + "timestamp":1537296154000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537296158983", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537296158985", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"40960", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537296158990", + "adapter:threatinteladapter:begin:ts":"1537296522299", + "tcpflags":"***A****", + "guid":"8a851c1a-9f4f-45d1-b06a-c9c0d800f91c", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537296522537", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BC", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"44", + "enrichmentsplitterbolt:splitter:begin:ts":"1537296487429", + "enrichmentjoinbolt:joiner:ts":"1537296487439", + "adapter:geoadapter:begin:ts":"1537296487432", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C98B4", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537296522318", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-18:48:05.000000 ,1,999158,0,\"'snort test 
alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537296487432", + "tos":"0", + "adapter:geoadapter:end:ts":"1537296487432", + "id":"1899", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537296487441", + "threat:triage:rules:0:score":10, + "timestamp":1537296485000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537296487429", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537296487432", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"45056", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537296487441", + "adapter:threatinteladapter:begin:ts":"1537296522318", + "tcpflags":"***A**S*", + "guid":"5c9a68d8-16ff-44fe-83a6-9feb0b045125", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537297341824", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BC", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"44", + "enrichmentsplitterbolt:splitter:begin:ts":"1537297341800", + "enrichmentjoinbolt:joiner:ts":"1537297341805", + "adapter:geoadapter:begin:ts":"1537297341803", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C98B4", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537297341814", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-19:02:17.000000 
,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537297341803", + "tos":"0", + "adapter:geoadapter:end:ts":"1537297341803", + "id":"1899", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537297341808", + "threat:triage:rules:0:score":10, + "timestamp":1537297337000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537297341800", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537297341803", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"45056", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537297341808", + "adapter:threatinteladapter:begin:ts":"1537297341811", + "tcpflags":"***A**S*", + "guid":"1767fe9d-d61d-46b5-9cb7-c24b8074ddec", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537297520177", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BD", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"40", + "enrichmentsplitterbolt:splitter:begin:ts":"1537297520165", + "enrichmentjoinbolt:joiner:ts":"1537297520170", + "adapter:geoadapter:begin:ts":"1537297520167", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C999D", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537297520174", + "ip_dst_addr":"192.168.138.158", + 
"original_string":"09/18/18-19:05:18.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537297520167", + "tos":"0", + "adapter:geoadapter:end:ts":"1537297520167", + "id":"1900", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537297520172", + "threat:triage:rules:0:score":10, + "timestamp":1537297518000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537297520165", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537297520167", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"40960", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537297520172", + "adapter:threatinteladapter:begin:ts":"1537297520174", + "tcpflags":"***A****", + "guid":"fc5b9a63-0894-4b16-9c5b-76c35cb00757", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537297710682", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BC", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"44", + "enrichmentsplitterbolt:splitter:begin:ts":"1537297710669", + "enrichmentjoinbolt:joiner:ts":"1537297710674", + "adapter:geoadapter:begin:ts":"1537297710671", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C98B4", + "protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537297710679", + 
"ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-19:08:29.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537297710671", + "tos":"0", + "adapter:geoadapter:end:ts":"1537297710671", + "id":"1899", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537297710676", + "threat:triage:rules:0:score":10, + "timestamp":1537297709000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537297710669", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537297710671", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"45056", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537297710676", + "adapter:threatinteladapter:begin:ts":"1537297710679", + "tcpflags":"***A**S*", + "guid":"6b63bfb3-f809-46f0-932e-c22d5071b502", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537298106549", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BC", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"44", + "enrichmentsplitterbolt:splitter:begin:ts":"1537298106533", + "enrichmentjoinbolt:joiner:ts":"1537298106539", + "adapter:geoadapter:begin:ts":"1537298106536", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C98B4", + "protocol":"TCP", + "source:type":"snort", + 
"adapter:threatinteladapter:end:ts":"1537298106547", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-19:15:02.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A**S*,0xC88832BC,0x522C98B4,,0xFAF0,128,0,1899,44,45056,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537298106536", + "tos":"0", + "adapter:geoadapter:end:ts":"1537298106536", + "id":"1899", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537298106541", + "threat:triage:rules:0:score":10, + "timestamp":1537298102000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537298106533", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537298106536", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"45056", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537298106541", + "adapter:threatinteladapter:begin:ts":"1537298106544", + "tcpflags":"***A**S*", + "guid":"096b5469-6c46-4f54-b0a4-61ffc125d74c", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537300567318", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BD", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"40", + "enrichmentsplitterbolt:splitter:begin:ts":"1537300567298", + "enrichmentjoinbolt:joiner:ts":"1537300567302", + "adapter:geoadapter:begin:ts":"1537300567300", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C999D", + "protocol":"TCP", + 
"source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537300567312", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-19:56:06.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537300567300", + "tos":"0", + "adapter:geoadapter:end:ts":"1537300567300", + "id":"1900", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537300567306", + "threat:triage:rules:0:score":10, + "timestamp":1537300566000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537300567298", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537300567300", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"40960", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537300567306", + "adapter:threatinteladapter:begin:ts":"1537300567312", + "tcpflags":"***A****", + "guid":"9d84c1f0-2924-439a-abd7-32a4e8c69253", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537300823287", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BD", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"40", + "enrichmentsplitterbolt:splitter:begin:ts":"1537300823274", + "enrichmentjoinbolt:joiner:ts":"1537300823279", + "adapter:geoadapter:begin:ts":"1537300823276", + "tcpwindow":"0xFAF0", + "threat:triage:rules:0:name":null, + "tcpack":"0x522C999D", + 
"protocol":"TCP", + "source:type":"snort", + "adapter:threatinteladapter:end:ts":"1537300823285", + "ip_dst_addr":"192.168.138.158", + "original_string":"09/18/18-20:00:22.000000 ,1,999158,0,\"'snort test alert'\",TCP,188.165.164.184,80,192.168.138.158,49195,00:00:00:00:00:00,00:00:00:00:00:00,0x3C,***A****,0xC88832BD,0x522C999D,,0xFAF0,128,0,1900,40,40960,,,,", + "adapter:hostfromjsonlistadapter:end:ts":"1537300823277", + "tos":"0", + "adapter:geoadapter:end:ts":"1537300823276", + "id":"1900", + "enrichments:geo:ip_src_addr:latitude":"48.8582", + "ip_src_addr":"188.165.164.184", + "threatintelsplitterbolt:splitter:end:ts":"1537300823281", + "threat:triage:rules:0:score":10, + "timestamp":1537300822000, + "ethdst":"00:00:00:00:00:00", + "enrichments:geo:ip_src_addr:location_point":"48.8582,2.3387000000000002", + "threat:triage:rules:0:reason":null, + "enrichmentsplitterbolt:splitter:end:ts":"1537300823274", + "threat:triage:score":10.0, + "is_alert":"true", + "adapter:hostfromjsonlistadapter:begin:ts":"1537300823277", + "enrichments:geo:ip_src_addr:country":"FR", + "ttl":"128", + "metaalerts":[ + "ad5cc7ea-5954-479f-8589-51f94b1c2f02" + ], + "ethlen":"0x3C", + "iplen":"40960", + "ip_src_port":"80", + "threatintelsplitterbolt:splitter:begin:ts":"1537300823281", + "adapter:threatinteladapter:begin:ts":"1537300823284", + "tcpflags":"***A****", + "guid":"afa4b156-bc2f-4e6f-bf0c-ad03695056e3", + "sig_id":"999158", + "sig_generator":"1" + }, + { + "msg":"'snort test alert'", + "sig_rev":"0", + "ip_dst_port":"49195", + "threatinteljoinbolt:joiner:ts":"1537302847425", + "ethsrc":"00:00:00:00:00:00", + "threat:triage:rules:0:comment":null, + "tcpseq":"0xC88832BC", + "enrichments:geo:ip_src_addr:longitude":"2.3387000000000002", + "dgmlen":"44", + "enrichmentsplitterbolt:splitter:begin:ts":"1537302847413", + "enrichmentjoinbolt:joiner:ts":"1537302847418", + "adapter:geoadapter:begin:ts":"1537302847415", +
<TRUNCATED>