{ "metadata": { "generated": "2024-11-15T00:00:00Z", "description": "SOC training dataset — jq exercises", "counts": { "alerts": 200, "events": 300, "flows": 250, "vulnerabilities": 83 } }, "alerts": [ { "id": "ALERT-2024-0001", "timestamp": "2024-11-15T00:00:05.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "10.0.10.59", "src_port": 16271, "dst_ip": "27.44.216.9", "dst_port": 445, "protocol": "RDP", "action": "ALLOW", "hostname": "SRV-07", "user": null, "mitre_tactic": "TA0011", "mitre_technique": "T1016", "raw_log": "SRC=10.0.10.59 DST=27.44.216.9 RULE=Sigma: Mimikatz Execution ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0002", "timestamp": "2024-11-15T00:08:48.000Z", "level": "ERROR", "severity": 7, "category": "firewall", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.2.180", "src_port": 7722, "dst_ip": "10.0.20.41", "dst_port": 23, "protocol": "FTP", "action": "ALLOW", "hostname": "WS-023", "user": "admin", "mitre_tactic": "TA0005", "mitre_technique": "T1560", "raw_log": "SRC=10.0.2.180 DST=10.0.20.41 RULE=ET SCAN Nmap Scan ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0003", "timestamp": "2024-11-15T00:16:05.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.30.149", "src_port": 16280, "dst_ip": "18.23.116.198", "dst_port": 8080, "protocol": "UDP", "action": "ALERT", "hostname": "WS-018", "user": "NT AUTHORITY", "mitre_tactic": "TA0006", "mitre_technique": "T1110", "raw_log": "SRC=10.0.30.149 DST=18.23.116.198 RULE=ET SCAN Port Scan ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0004", "timestamp": "2024-11-15T00:24:17.000Z", "level": "CRITICAL", "severity": 10, "category": "ids", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "10.0.2.138", "src_port": 42967, "dst_ip": "10.0.2.120", "dst_port": 3389, "protocol": "SMB", "action": "DENY", "hostname": "DC-01", "user": "SYSTEM", "mitre_tactic": "TA0001", "mitre_technique": "T1055", "raw_log": "SRC=10.0.2.138 DST=10.0.2.120 RULE=Custom: Unusual Port 4444 ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0005", "timestamp": "2024-11-15T00:32:25.000Z", "level": "INFO", "severity": 1, "category": "proxy", "rule_name": "ET SCAN Port Scan", "src_ip": "128.202.234.37", "src_port": 15397, "dst_ip": "64.134.219.230", "dst_port": 25, "protocol": "SMB", "action": "ALERT", "hostname": "WS-006", "user": "NT AUTHORITY", "mitre_tactic": "TA0002", "mitre_technique": "T1110", "raw_log": "SRC=128.202.234.37 DST=64.134.219.230 RULE=Sigma: Scheduled Task Creation ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0006", "timestamp": "2024-11-15T00:39:48.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "10.0.100.137", "src_port": 51394, "dst_ip": "142.5.58.175", "dst_port": 3306, "protocol": "DNS", "action": "ALLOW", "hostname": "WS-019", "user": "bwiśniewski", "mitre_tactic": "TA0001", "mitre_technique": "T1016", "raw_log": "SRC=10.0.100.137 DST=142.5.58.175 RULE=Custom: Powershell Download Cradle ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0007", "timestamp": "2024-11-15T00:44:48.000Z", "level": "WARNING", "severity": 3, "category": "ids", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.20.217", "src_port": 36372, "dst_ip": "10.0.10.41", "dst_port": 4444, "protocol": "SMB", "action": "ALLOW", "hostname": "SRV-10", "user": "jkowalski", "mitre_tactic": "TA0002", "mitre_technique": "T1027", "raw_log": "SRC=10.0.20.217 DST=10.0.10.41 RULE=ET SCAN Port Scan ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0008", "timestamp": "2024-11-15T00:53:55.000Z", "level": "WARNING", "severity": 3, "category": "ids", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "125.35.64.33", "src_port": 28754, "dst_ip": "10.0.2.69", "dst_port": 53, "protocol": "SMB", "action": "DENY", "hostname": "FS-01", "user": "svc_backup", "mitre_tactic": "TA0011", "mitre_technique": "T1021.001", "raw_log": "SRC=125.35.64.33 DST=10.0.2.69 RULE=ET MALWARE Meterpreter ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0009", "timestamp": "2024-11-15T00:56:55.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.10.152", "src_port": 5667, "dst_ip": "19.30.117.18", "dst_port": 445, "protocol": "HTTP", "action": "DROP", "hostname": "SRV-14", "user": "mlewandowski", "mitre_tactic": "TA0003", "mitre_technique": "T1016", "raw_log": "SRC=10.0.10.152 DST=19.30.117.18 RULE=Custom: Powershell Download Cradle ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0010", "timestamp": "2024-11-15T01:08:41.000Z", "level": "WARNING", "severity": 3, "category": "vpn", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "25.220.181.109", "src_port": 4996, "dst_ip": "10.0.0.174", "dst_port": 139, "protocol": "DNS", "action": "ALLOW", "hostname": "WS-016", "user": null, "mitre_tactic": "TA0009", "mitre_technique": "T1566.001", "raw_log": "SRC=25.220.181.109 DST=10.0.0.174 RULE=ET POLICY RDP from External ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0011", "timestamp": "2024-11-15T01:10:59.000Z", "level": "ERROR", "severity": 7, "category": "ids", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.1.14", "src_port": 56644, "dst_ip": "10.0.0.250", "dst_port": 53, "protocol": "ICMP", "action": "ALERT", "hostname": "SRV-03", "user": "NT AUTHORITY", "mitre_tactic": "TA0007", "mitre_technique": "T1027", "raw_log": "SRC=10.0.1.14 DST=10.0.0.250 RULE=ET SCAN Nmap Scan ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0012", "timestamp": "2024-11-15T01:17:37.000Z", "level": "INFO", "severity": 1, "category": "email", "rule_name": "ET MALWARE Meterpreter", "src_ip": "179.249.79.49", "src_port": 33978, "dst_ip": "15.31.160.15", "dst_port": 8443, "protocol": "SMB", "action": "DENY", "hostname": "WS-004", "user": "anowak", "mitre_tactic": "TA0003", "mitre_technique": "T1078", "raw_log": "SRC=179.249.79.49 DST=15.31.160.15 RULE=Sigma: PsExec Lateral Movement ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0013", "timestamp": "2024-11-15T01:29:45.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.0.160", "src_port": 16666, "dst_ip": "169.161.133.53", "dst_port": 80, "protocol": "FTP", "action": "DENY", "hostname": "SRV-14", "user": "bwiśniewski", "mitre_tactic": "TA0006", "mitre_technique": "T1027", "raw_log": "SRC=10.0.0.160 DST=169.161.133.53 RULE=Custom: Mass Auth Failure ACTION=ALLOW", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0014", "timestamp": "2024-11-15T01:32:23.000Z", "level": "WARNING", "severity": 3, "category": "ids", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "55.135.67.239", "src_port": 11362, "dst_ip": "10.0.1.227", "dst_port": 443, "protocol": "SMB", "action": "DROP", "hostname": "SRV-11", "user": "SYSTEM", "mitre_tactic": "TA0011", "mitre_technique": "T1047", "raw_log": "SRC=55.135.67.239 DST=10.0.1.227 RULE=ET SCAN Nmap Scan ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0015", "timestamp": "2024-11-15T01:43:40.000Z", "level": "CRITICAL", "severity": 10, "category": "endpoint", "rule_name": "Custom: Unusual Port 4444", "src_ip": "28.79.139.73", "src_port": 18324, "dst_ip": "10.0.30.54", "dst_port": 445, "protocol": "SSH", "action": "DROP", "hostname": "WS-004", "user": null, "mitre_tactic": "TA0007", "mitre_technique": "T1048", "raw_log": "SRC=28.79.139.73 DST=10.0.30.54 RULE=ET TROJAN Emotet Variant ACTION=ALLOW", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0016", "timestamp": "2024-11-15T01:47:37.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "114.218.4.29", "src_port": 10729, "dst_ip": "177.76.18.214", "dst_port": 139, "protocol": "ICMP", "action": "ALLOW", "hostname": "WS-020", "user": "SYSTEM", "mitre_tactic": "TA0001", "mitre_technique": "T1027", "raw_log": "SRC=114.218.4.29 DST=177.76.18.214 RULE=ET SCAN Port Scan ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0017", "timestamp": "2024-11-15T01:58:51.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.2.238", "src_port": 58788, "dst_ip": "10.0.2.251", "dst_port": 139, "protocol": "TCP", "action": "DENY", "hostname": "MAIL-01", "user": "SYSTEM", "mitre_tactic": "TA0007", "mitre_technique": "T1560", "raw_log": "SRC=10.0.2.238 DST=10.0.2.251 RULE=Sigma: Scheduled Task Creation ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0018", "timestamp": "2024-11-15T02:01:52.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.10.53", "src_port": 58127, "dst_ip": "10.0.100.91", "dst_port": 53, "protocol": "HTTP", "action": "ALLOW", "hostname": "SRV-14", "user": null, "mitre_tactic": "TA0006", "mitre_technique": "T1543", "raw_log": "SRC=10.0.10.53 DST=10.0.100.91 RULE=Custom: Unusual Port 4444 ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0019", "timestamp": "2024-11-15T02:06:38.000Z", "level": "WARNING", "severity": 3, "category": "vpn", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.30.242", "src_port": 23678, "dst_ip": "67.91.135.10", "dst_port": 3389, "protocol": "DNS", "action": "ALERT", "hostname": "SRV-10", "user": "anowak", "mitre_tactic": "TA0007", "mitre_technique": "T1027", "raw_log": "SRC=10.0.30.242 DST=67.91.135.10 RULE=Sigma: PsExec Lateral Movement ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0020", "timestamp": "2024-11-15T02:15:42.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "18.169.160.170", "src_port": 22400, "dst_ip": "10.0.20.131", "dst_port": 139, "protocol": "HTTPS", "action": "BLOCK", "hostname": "WS-009", "user": null, "mitre_tactic": "TA0011", "mitre_technique": "T1071", "raw_log": "SRC=18.169.160.170 DST=10.0.20.131 RULE=Sigma: Scheduled Task Creation ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0021", "timestamp": "2024-11-15T02:23:50.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "54.220.164.120", "src_port": 63927, "dst_ip": "10.0.10.132", "dst_port": 4444, "protocol": "ICMP", "action": "ALLOW", "hostname": "WS-019", "user": "svc_backup", "mitre_tactic": "TA0010", "mitre_technique": "T1021.001", "raw_log": "SRC=54.220.164.120 DST=10.0.10.132 RULE=ET MALWARE CobaltStrike Beacon ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0022", "timestamp": "2024-11-15T02:32:24.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "ET MALWARE Meterpreter", "src_ip": "122.37.233.107", "src_port": 27215, "dst_ip": "10.0.10.185", "dst_port": 53, "protocol": "ICMP", "action": "ALLOW", "hostname": "PROXY-01", "user": "anowak", "mitre_tactic": "TA0007", "mitre_technique": "T1055", "raw_log": "SRC=122.37.233.107 DST=10.0.10.185 RULE=ET POLICY RDP from External ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0023", "timestamp": "2024-11-15T02:40:57.000Z", "level": "CRITICAL", "severity": 10, "category": "ids", "rule_name": "ET MALWARE Meterpreter", "src_ip": "10.0.100.172", "src_port": 41174, "dst_ip": "10.0.30.245", "dst_port": 8080, "protocol": "SMB", "action": "ALERT", "hostname": "SRV-07", "user": "pkaminski", "mitre_tactic": "TA0008", "mitre_technique": "T1566.001", "raw_log": "SRC=10.0.100.172 DST=10.0.30.245 RULE=ET TROJAN Emotet Variant ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0024", "timestamp": "2024-11-15T02:43:57.000Z", "level": "ERROR", "severity": 7, "category": "email", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.20.114", "src_port": 6304, "dst_ip": "74.120.139.86", "dst_port": 25, "protocol": "ICMP", "action": "DENY", "hostname": "WS-025", "user": "svc_scan", "mitre_tactic": "TA0004", "mitre_technique": "T1078", "raw_log": "SRC=10.0.20.114 DST=74.120.139.86 RULE=ET EXPLOIT EternalBlue ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0025", "timestamp": "2024-11-15T02:54:26.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "198.10.194.123", "src_port": 50013, "dst_ip": "91.152.199.219", "dst_port": 3389, "protocol": "SMB", "action": "BLOCK", "hostname": "WS-015", "user": "agórecka", "mitre_tactic": "TA0007", "mitre_technique": "T1566.001", "raw_log": "SRC=198.10.194.123 DST=91.152.199.219 RULE=ET SCAN Nmap Scan ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0026", "timestamp": "2024-11-15T02:58:37.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "10.0.2.253", "src_port": 44474, "dst_ip": "10.0.0.234", "dst_port": 22, "protocol": "UDP", "action": "ALERT", "hostname": "WS-009", "user": "pkaminski", "mitre_tactic": "TA0001", "mitre_technique": "T1543", "raw_log": "SRC=10.0.2.253 DST=10.0.0.234 RULE=ET EXPLOIT EternalBlue ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0027", "timestamp": "2024-11-15T03:07:04.000Z", "level": "ERROR", "severity": 7, "category": "vpn", "rule_name": "Custom: Mass Auth Failure", "src_ip": "213.215.129.214", "src_port": 63760, "dst_ip": "5.26.179.58", "dst_port": 3306, "protocol": "TCP", "action": "ALLOW", "hostname": "WS-016", "user": null, "mitre_tactic": "TA0001", "mitre_technique": "T1003", "raw_log": "SRC=213.215.129.214 DST=5.26.179.58 RULE=ET POLICY RDP from External ACTION=DENY", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0028", "timestamp": "2024-11-15T03:15:10.000Z", "level": "WARNING", "severity": 3, "category": "auth", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "10.0.20.198", "src_port": 8108, "dst_ip": "10.0.1.201", "dst_port": 1433, "protocol": "TCP", "action": "DROP", "hostname": "SRV-08", "user": "kzielinska", "mitre_tactic": "TA0007", "mitre_technique": "T1016", "raw_log": "SRC=10.0.20.198 DST=10.0.1.201 RULE=ET INFO DNS Lookup Known C2 ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0029", "timestamp": "2024-11-15T03:20:27.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.1.205", "src_port": 25309, "dst_ip": "10.0.0.90", "dst_port": 23, "protocol": "SMB", "action": "DROP", "hostname": "WS-001", "user": "NT AUTHORITY", "mitre_tactic": "TA0008", "mitre_technique": "T1078", "raw_log": "SRC=10.0.1.205 DST=10.0.0.90 RULE=ET EXPLOIT EternalBlue ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0030", "timestamp": "2024-11-15T03:29:15.000Z", "level": "ERROR", "severity": 7, "category": "vpn", "rule_name": "Custom: Unusual Port 4444", "src_ip": "134.138.247.120", "src_port": 62275, "dst_ip": "10.0.20.84", "dst_port": 23, "protocol": "HTTPS", "action": "ALERT", "hostname": "WS-016", "user": "admin", "mitre_tactic": "TA0010", "mitre_technique": "T1082", "raw_log": "SRC=134.138.247.120 DST=10.0.20.84 RULE=ET EXPLOIT EternalBlue ACTION=DROP", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0031", "timestamp": "2024-11-15T03:30:33.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "67.174.143.226", "src_port": 6634, "dst_ip": "10.0.20.144", "dst_port": 53, "protocol": "FTP", "action": "ALERT", "hostname": "SRV-07", "user": "svc_scan", "mitre_tactic": "TA0008", "mitre_technique": "T1082", "raw_log": "SRC=67.174.143.226 DST=10.0.20.144 RULE=Custom: High Entropy DNS ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0032", "timestamp": "2024-11-15T03:41:22.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.20.171", "src_port": 49909, "dst_ip": "10.0.100.143", "dst_port": 445, "protocol": "DNS", "action": "DROP", "hostname": "DC-02", "user": "agórecka", "mitre_tactic": "TA0005", "mitre_technique": "T1055", "raw_log": "SRC=10.0.20.171 DST=10.0.100.143 RULE=ET MALWARE CobaltStrike Beacon ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0033", "timestamp": "2024-11-15T03:44:53.000Z", "level": "CRITICAL", "severity": 10, "category": "endpoint", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "190.247.141.186", "src_port": 20438, "dst_ip": "10.0.20.253", "dst_port": 53, "protocol": "DNS", "action": "DENY", "hostname": "WS-020", "user": null, "mitre_tactic": "TA0009", "mitre_technique": "T1110", "raw_log": "SRC=190.247.141.186 DST=10.0.20.253 RULE=ET TROJAN Emotet Variant ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0034", "timestamp": "2024-11-15T03:54:28.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.100.28", "src_port": 13106, "dst_ip": "10.0.20.122", "dst_port": 22, "protocol": "HTTPS", "action": "ALERT", "hostname": "WS-008", "user": "kzielinska", "mitre_tactic": "TA0008", "mitre_technique": "T1078", "raw_log": "SRC=10.0.100.28 DST=10.0.20.122 RULE=Sigma: PsExec Lateral Movement ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0035", "timestamp": "2024-11-15T04:02:24.000Z", "level": "CRITICAL", "severity": 10, "category": "ids", "rule_name": "ET MALWARE Meterpreter", "src_ip": "10.0.1.144", "src_port": 60563, "dst_ip": "10.0.10.200", "dst_port": 443, "protocol": "HTTPS", "action": "BLOCK", "hostname": "WS-028", "user": "admin", "mitre_tactic": "TA0001", "mitre_technique": "T1003", "raw_log": "SRC=10.0.1.144 DST=10.0.10.200 RULE=Custom: High Entropy DNS ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0036", "timestamp": "2024-11-15T04:05:14.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "45.38.80.1", "src_port": 47355, "dst_ip": "10.0.100.76", "dst_port": 80, "protocol": "SSH", "action": "ALLOW", "hostname": "DC-01", "user": null, "mitre_tactic": "TA0005", "mitre_technique": "T1560", "raw_log": "SRC=45.38.80.1 DST=10.0.100.76 RULE=Custom: Mass Auth Failure ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0037", "timestamp": "2024-11-15T04:17:52.000Z", "level": "WARNING", "severity": 3, "category": "auth", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "10.0.20.213", "src_port": 61395, "dst_ip": "16.84.157.153", "dst_port": 80, "protocol": "SSH", "action": "ALLOW", "hostname": "SRV-01", "user": "svc_scan", "mitre_tactic": "TA0007", "mitre_technique": "T1543", "raw_log": "SRC=10.0.20.213 DST=16.84.157.153 RULE=Sigma: Mimikatz Execution ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0038", "timestamp": "2024-11-15T04:19:48.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.20.8", "src_port": 12505, "dst_ip": "173.10.137.148", "dst_port": 443, "protocol": "SMB", "action": "ALERT", "hostname": "WS-018", "user": null, "mitre_tactic": "TA0010", "mitre_technique": "T1071", "raw_log": "SRC=10.0.20.8 DST=173.10.137.148 RULE=Sigma: Scheduled Task Creation ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0039", "timestamp": "2024-11-15T04:31:25.000Z", "level": "WARNING", "severity": 3, "category": "proxy", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.2.86", "src_port": 50864, "dst_ip": "10.0.100.75", "dst_port": 445, "protocol": "TCP", "action": "ALERT", "hostname": "WS-006", "user": "tmazur", "mitre_tactic": "TA0002", "mitre_technique": "T1560", "raw_log": "SRC=10.0.2.86 DST=10.0.100.75 RULE=ET EXPLOIT EternalBlue ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0040", "timestamp": "2024-11-15T04:36:48.000Z", "level": "ERROR", "severity": 7, "category": "email", "rule_name": "ET SCAN Nmap Scan", "src_ip": "10.0.10.134", "src_port": 14364, "dst_ip": "10.0.100.162", "dst_port": 80, "protocol": "SMB", "action": "DENY", "hostname": "WS-019", "user": "svc_scan", "mitre_tactic": "TA0008", "mitre_technique": "T1078", "raw_log": "SRC=10.0.10.134 DST=10.0.100.162 RULE=ET SCAN Nmap Scan ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0041", "timestamp": "2024-11-15T04:40:41.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.1.59", "src_port": 11114, "dst_ip": "10.0.1.120", "dst_port": 443, "protocol": "HTTPS", "action": "BLOCK", "hostname": "FS-01", "user": null, "mitre_tactic": "TA0008", "mitre_technique": "T1566.001", "raw_log": "SRC=10.0.1.59 DST=10.0.1.120 RULE=ET INFO DNS Lookup Known C2 ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0042", "timestamp": "2024-11-15T04:53:32.000Z", "level": "CRITICAL", "severity": 10, "category": "endpoint", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "10.0.20.199", "src_port": 54799, "dst_ip": "10.0.50.89", "dst_port": 22, "protocol": "HTTPS", "action": "DROP", "hostname": "SRV-09", "user": "svc_backup", "mitre_tactic": "TA0008", "mitre_technique": "T1048", "raw_log": "SRC=10.0.20.199 DST=10.0.50.89 RULE=ET POLICY RDP from External ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0043", "timestamp": "2024-11-15T05:00:49.000Z", "level": "WARNING", "severity": 3, "category": "vpn", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.30.224", "src_port": 3884, "dst_ip": "179.122.196.60", "dst_port": 135, "protocol": "SSH", "action": "ALERT", "hostname": "WS-025", "user": "SYSTEM", "mitre_tactic": "TA0011", "mitre_technique": "T1110", "raw_log": "SRC=10.0.30.224 DST=179.122.196.60 RULE=ET MALWARE Meterpreter ACTION=ALLOW", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0044", "timestamp": "2024-11-15T05:06:09.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.100.27", "src_port": 58101, "dst_ip": "10.0.100.5", "dst_port": 3306, "protocol": "ICMP", "action": "ALLOW", "hostname": "SRV-02", "user": "agórecka", "mitre_tactic": "TA0006", "mitre_technique": "T1003", "raw_log": "SRC=10.0.100.27 DST=10.0.100.5 RULE=Custom: High Entropy DNS ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0045", "timestamp": "2024-11-15T05:13:43.000Z", "level": "ERROR", "severity": 7, "category": "vpn", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "10.0.100.225", "src_port": 19857, "dst_ip": "10.0.1.62", "dst_port": 53, "protocol": "UDP", "action": "ALERT", "hostname": "WS-007", "user": "svc_scan", "mitre_tactic": "TA0002", "mitre_technique": "T1566.001", "raw_log": "SRC=10.0.100.225 DST=10.0.1.62 RULE=ET POLICY RDP from External ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0046", "timestamp": "2024-11-15T05:16:05.000Z", "level": "ERROR", "severity": 7, "category": "dns", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "111.74.125.136", "src_port": 58095, "dst_ip": "10.0.2.45", "dst_port": 139, "protocol": "RDP", "action": "DENY", "hostname": "SRV-03", "user": "pkaminski", "mitre_tactic": "TA0004", "mitre_technique": "T1566.001", "raw_log": "SRC=111.74.125.136 DST=10.0.2.45 RULE=Sigma: Scheduled Task Creation ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0047", "timestamp": "2024-11-15T05:26:19.000Z", "level": "ERROR", "severity": 7, "category": "email", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.2.20", "src_port": 64071, "dst_ip": "10.0.30.254", "dst_port": 139, "protocol": "HTTPS", "action": "ALERT", "hostname": "WS-020", "user": null, "mitre_tactic": "TA0007", "mitre_technique": "T1048", "raw_log": "SRC=10.0.2.20 DST=10.0.30.254 RULE=ET MALWARE Meterpreter ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0048", "timestamp": "2024-11-15T05:33:47.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "ET MALWARE Meterpreter", "src_ip": "213.202.140.3", "src_port": 55604, "dst_ip": "10.0.0.235", "dst_port": 8443, "protocol": "HTTPS", "action": "DENY", "hostname": "SRV-10", "user": "mwojcik", "mitre_tactic": "TA0011", "mitre_technique": "T1055", "raw_log": "SRC=213.202.140.3 DST=10.0.0.235 RULE=Sigma: PsExec Lateral Movement ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0049", "timestamp": "2024-11-15T05:38:46.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.0.81", "src_port": 6930, "dst_ip": "10.0.0.150", "dst_port": 8443, "protocol": "HTTPS", "action": "DROP", "hostname": "MAIL-01", "user": "mwojcik", "mitre_tactic": "TA0003", "mitre_technique": "T1560", "raw_log": "SRC=10.0.0.81 DST=10.0.0.150 RULE=Sigma: Mimikatz Execution ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0050", "timestamp": "2024-11-15T05:43:29.000Z", "level": "ERROR", "severity": 7, "category": "dns", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "10.0.100.249", "src_port": 10248, "dst_ip": "10.0.30.207", "dst_port": 4444, "protocol": "HTTP", "action": "ALERT", "hostname": "SRV-07", "user": "SYSTEM", "mitre_tactic": "TA0007", "mitre_technique": "T1059.001", "raw_log": "SRC=10.0.100.249 DST=10.0.30.207 RULE=ET TROJAN Emotet Variant ACTION=BLOCK", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0051", "timestamp": "2024-11-15T05:54:56.000Z", "level": "ERROR", "severity": 7, "category": "dns", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.30.29", "src_port": 22520, "dst_ip": "10.0.100.8", "dst_port": 8443, "protocol": "RDP", "action": "DENY", "hostname": "SRV-13", "user": null, "mitre_tactic": "TA0008", "mitre_technique": "T1027", "raw_log": "SRC=10.0.30.29 DST=10.0.100.8 RULE=Custom: High Entropy DNS ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0052", "timestamp": "2024-11-15T06:00:23.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "127.59.49.61", "src_port": 63242, "dst_ip": "10.0.2.101", "dst_port": 3389, "protocol": "SMB", "action": "ALERT", "hostname": "SRV-09", "user": "pkaminski", "mitre_tactic": "TA0007", "mitre_technique": "T1082", "raw_log": "SRC=127.59.49.61 DST=10.0.2.101 RULE=ET MALWARE CobaltStrike Beacon ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0053", "timestamp": "2024-11-15T06:09:22.000Z", "level": "INFO", "severity": 1, "category": "proxy", "rule_name": "ET SCAN Nmap Scan", "src_ip": "114.120.185.26", "src_port": 27116, "dst_ip": "10.0.30.141", "dst_port": 80, "protocol": "HTTP", "action": "ALLOW", "hostname": "SRV-01", "user": null, "mitre_tactic": "TA0004", "mitre_technique": "T1082", "raw_log": "SRC=114.120.185.26 DST=10.0.30.141 RULE=Sigma: Scheduled Task Creation ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0054", "timestamp": "2024-11-15T06:12:52.000Z", "level": "INFO", "severity": 1, "category": "endpoint", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.10.19", "src_port": 16293, "dst_ip": "10.0.10.152", "dst_port": 135, "protocol": "ICMP", "action": "BLOCK", "hostname": "WS-001", "user": null, "mitre_tactic": "TA0003", "mitre_technique": "T1110", "raw_log": "SRC=10.0.10.19 DST=10.0.10.152 RULE=Sigma: Mimikatz Execution ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0055", "timestamp": "2024-11-15T06:18:47.000Z", "level": "ERROR", "severity": 7, "category": "endpoint", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "203.121.165.5", "src_port": 32235, "dst_ip": "14.64.215.135", "dst_port": 443, "protocol": "DNS", "action": "BLOCK", "hostname": "SRV-09", "user": null, "mitre_tactic": "TA0009", "mitre_technique": "T1055", "raw_log": "SRC=203.121.165.5 DST=14.64.215.135 RULE=Sigma: PsExec Lateral Movement ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0056", "timestamp": "2024-11-15T06:30:06.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "ET MALWARE Meterpreter", "src_ip": "10.0.0.17", "src_port": 47711, "dst_ip": "10.0.50.111", "dst_port": 8443, "protocol": "SSH", "action": "ALLOW", "hostname": "WS-006", "user": "pkaminski", "mitre_tactic": "TA0002", "mitre_technique": "T1110", "raw_log": "SRC=10.0.0.17 DST=10.0.50.111 RULE=ET TROJAN Emotet Variant ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0057", "timestamp": "2024-11-15T06:37:41.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "10.0.50.27", "src_port": 51418, "dst_ip": "10.0.1.220", "dst_port": 445, "protocol": "HTTP", "action": "ALERT", "hostname": "WS-029", "user": "kzielinska", "mitre_tactic": "TA0006", "mitre_technique": "T1048", "raw_log": "SRC=10.0.50.27 DST=10.0.1.220 RULE=ET MALWARE Meterpreter ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0058", "timestamp": "2024-11-15T06:39:47.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "Custom: High Entropy DNS", "src_ip": "40.242.34.24", "src_port": 25445, "dst_ip": "10.0.1.112", "dst_port": 4444, "protocol": "ICMP", "action": "BLOCK", "hostname": "WS-004", "user": "mlewandowski", "mitre_tactic": "TA0009", "mitre_technique": "T1021.001", "raw_log": "SRC=40.242.34.24 DST=10.0.1.112 RULE=Sigma: Scheduled Task Creation ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0059", "timestamp": "2024-11-15T06:50:13.000Z", "level": "CRITICAL", "severity": 10, "category": "vpn", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.0.249", "src_port": 44063, "dst_ip": "80.180.53.148", "dst_port": 443, "protocol": "HTTP", "action": "ALLOW", "hostname": "WS-023", "user": "tmazur", "mitre_tactic": "TA0002", "mitre_technique": "T1560", "raw_log": "SRC=10.0.0.249 DST=80.180.53.148 RULE=ET TROJAN Emotet Variant ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0060", "timestamp": "2024-11-15T06:53:11.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.20.9", "src_port": 10412, "dst_ip": "180.158.173.90", "dst_port": 1433, "protocol": "FTP", "action": "ALLOW", "hostname": "WS-010", "user": "jkowalski", "mitre_tactic": "TA0002", "mitre_technique": "T1016", "raw_log": "SRC=10.0.20.9 DST=180.158.173.90 RULE=Sigma: Mimikatz Execution ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0061", "timestamp": "2024-11-15T07:03:42.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.1.228", "src_port": 32852, "dst_ip": "41.25.41.70", "dst_port": 1433, "protocol": "SSH", "action": "ALERT", "hostname": "WS-018", "user": null, "mitre_tactic": "TA0009", "mitre_technique": "T1078", "raw_log": "SRC=10.0.1.228 DST=41.25.41.70 RULE=ET SCAN Port Scan ACTION=ALERT", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0062", "timestamp": "2024-11-15T07:08:48.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "102.28.3.53", "src_port": 19993, "dst_ip": "10.0.10.198", "dst_port": 135, "protocol": "UDP", "action": "ALLOW", "hostname": "SRV-03", "user": "pkaminski", "mitre_tactic": "TA0003", "mitre_technique": "T1071", "raw_log": "SRC=102.28.3.53 DST=10.0.10.198 RULE=Sigma: Mimikatz Execution ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0063", "timestamp": "2024-11-15T07:16:36.000Z", "level": "ERROR", "severity": 7, "category": "ids", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "190.21.223.5", "src_port": 38602, "dst_ip": "10.0.1.222", "dst_port": 139, "protocol": "FTP", "action": "DROP", "hostname": "WS-008", "user": "tmazur", "mitre_tactic": "TA0003", "mitre_technique": "T1560", "raw_log": "SRC=190.21.223.5 DST=10.0.1.222 RULE=Sigma: PsExec Lateral Movement ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0064", "timestamp": "2024-11-15T07:23:49.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET POLICY RDP from External", "src_ip": "151.205.40.102", "src_port": 6029, "dst_ip": "10.0.30.58", "dst_port": 445, "protocol": "UDP", "action": "BLOCK", "hostname": "SRV-04", "user": null, "mitre_tactic": "TA0006", "mitre_technique": "T1021.001", "raw_log": "SRC=151.205.40.102 DST=10.0.30.58 RULE=Custom: High Entropy DNS ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0065", "timestamp": "2024-11-15T07:34:36.000Z", "level": "INFO", "severity": 1, "category": "endpoint", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.1.47", "src_port": 39000, "dst_ip": "10.0.100.120", "dst_port": 443, "protocol": "RDP", "action": "BLOCK", "hostname": "WS-021", "user": "svc_backup", "mitre_tactic": "TA0006", "mitre_technique": "T1110", "raw_log": "SRC=10.0.1.47 DST=10.0.100.120 RULE=ET MALWARE Meterpreter ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0066", "timestamp": "2024-11-15T07:41:54.000Z", "level": "ERROR", "severity": 7, "category": "firewall", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "19.158.236.116", "src_port": 41329, "dst_ip": "95.146.39.166", "dst_port": 1433, "protocol": "SMB", "action": "ALERT", "hostname": "SRV-01", "user": "SYSTEM", "mitre_tactic": "TA0001", "mitre_technique": "T1566.001", "raw_log": "SRC=19.158.236.116 DST=95.146.39.166 RULE=Custom: Powershell Download Cradle ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0067", "timestamp": "2024-11-15T07:47:05.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.100.28", "src_port": 43368, "dst_ip": "10.0.30.253", "dst_port": 25, "protocol": "TCP", "action": "DENY", "hostname": "FS-01", "user": "bwiśniewski", "mitre_tactic": "TA0009", "mitre_technique": "T1047", "raw_log": "SRC=10.0.100.28 DST=10.0.30.253 RULE=Sigma: PsExec Lateral Movement ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0068", "timestamp": "2024-11-15T07:51:06.000Z", "level": "INFO", "severity": 1, "category": "proxy", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.0.204", "src_port": 45482, "dst_ip": "10.0.30.18", "dst_port": 139, "protocol": "HTTPS", "action": "DROP", "hostname": "FS-02", "user": "admin", "mitre_tactic": "TA0003", "mitre_technique": "T1021.001", "raw_log": "SRC=10.0.0.204 DST=10.0.30.18 RULE=ET MALWARE CobaltStrike Beacon ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0069", "timestamp": "2024-11-15T07:57:42.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "Custom: High Entropy DNS", "src_ip": "182.43.158.144", "src_port": 55350, "dst_ip": "10.0.30.210", "dst_port": 3389, "protocol": "SMB", "action": "ALLOW", "hostname": "SRV-13", "user": "mlewandowski", "mitre_tactic": "TA0006", "mitre_technique": "T1059.001", "raw_log": "SRC=182.43.158.144 DST=10.0.30.210 RULE=ET SCAN Port Scan ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0070", "timestamp": "2024-11-15T08:09:34.000Z", "level": "CRITICAL", "severity": 10, "category": "email", "rule_name": "Custom: Unusual Port 4444", "src_ip": "36.79.39.76", "src_port": 49431, "dst_ip": "10.0.1.131", "dst_port": 8443, "protocol": "SMB", "action": "ALLOW", "hostname": "SRV-14", "user": "SYSTEM", "mitre_tactic": "TA0010", "mitre_technique": "T1110", "raw_log": "SRC=36.79.39.76 DST=10.0.1.131 RULE=Sigma: PsExec Lateral Movement ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0071", "timestamp": "2024-11-15T08:13:39.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "10.0.0.107", "src_port": 50332, "dst_ip": "10.0.10.250", "dst_port": 3389, "protocol": "SSH", "action": "DENY", "hostname": "SRV-06", "user": null, "mitre_tactic": "TA0008", "mitre_technique": "T1027", "raw_log": "SRC=10.0.0.107 DST=10.0.10.250 RULE=Custom: Unusual Port 4444 ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0072", "timestamp": "2024-11-15T08:18:51.000Z", "level": "CRITICAL", "severity": 10, "category": "email", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "10.0.50.130", "src_port": 10094, "dst_ip": "10.0.2.211", "dst_port": 8080, "protocol": "HTTPS", "action": "ALLOW", "hostname": "SRV-13", "user": "tmazur", "mitre_tactic": "TA0009", "mitre_technique": "T1027", "raw_log": "SRC=10.0.50.130 DST=10.0.2.211 RULE=ET MALWARE CobaltStrike Beacon ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0073", "timestamp": "2024-11-15T08:27:56.000Z", "level": "ERROR", "severity": 7, "category": "dns", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.2.214", "src_port": 62003, "dst_ip": "10.0.10.211", "dst_port": 22, "protocol": "FTP", "action": "ALLOW", "hostname": "WS-026", "user": "mwojcik", "mitre_tactic": "TA0007", "mitre_technique": "T1078", "raw_log": "SRC=10.0.2.214 DST=10.0.10.211 RULE=ET SCAN Port Scan ACTION=DENY", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0074", "timestamp": "2024-11-15T08:36:30.000Z", "level": "ERROR", "severity": 7, "category": "proxy", "rule_name": "ET MALWARE Meterpreter", "src_ip": "10.0.2.11", "src_port": 41351, "dst_ip": "213.241.71.195", "dst_port": 22, "protocol": "UDP", "action": "ALLOW", "hostname": "WS-017", "user": null, "mitre_tactic": "TA0003", "mitre_technique": "T1047", "raw_log": "SRC=10.0.2.11 DST=213.241.71.195 RULE=Custom: High Entropy DNS ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0075", "timestamp": "2024-11-15T08:39:18.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "62.214.234.17", "src_port": 1126, "dst_ip": "128.8.123.184", "dst_port": 1433, "protocol": "DNS", "action": "DENY", "hostname": "SRV-08", "user": "svc_backup", "mitre_tactic": "TA0011", "mitre_technique": "T1078", "raw_log": "SRC=62.214.234.17 DST=128.8.123.184 RULE=Sigma: Mimikatz Execution ACTION=DROP", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0076", "timestamp": "2024-11-15T08:51:04.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "ET SCAN Port Scan", "src_ip": "121.22.198.252", "src_port": 16826, "dst_ip": "10.0.0.93", "dst_port": 3389, "protocol": "UDP", "action": "BLOCK", "hostname": "MAIL-01", "user": "pkaminski", "mitre_tactic": "TA0001", "mitre_technique": "T1021.001", "raw_log": "SRC=121.22.198.252 DST=10.0.0.93 RULE=Sigma: Mimikatz Execution ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0077", "timestamp": "2024-11-15T08:54:12.000Z", "level": "ERROR", "severity": 7, "category": "email", "rule_name": "ET SCAN Nmap Scan", "src_ip": "10.0.100.163", "src_port": 52870, "dst_ip": "35.32.234.10", "dst_port": 53, "protocol": "TCP", "action": "DROP", "hostname": "WS-020", "user": "NT AUTHORITY", "mitre_tactic": "TA0009", "mitre_technique": "T1566.001", "raw_log": "SRC=10.0.100.163 DST=35.32.234.10 RULE=ET TROJAN Emotet Variant ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0078", "timestamp": "2024-11-15T09:02:57.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.30.71", "src_port": 23243, "dst_ip": "95.223.204.191", "dst_port": 25, "protocol": "SSH", "action": "ALERT", "hostname": "WS-024", "user": "mlewandowski", "mitre_tactic": "TA0005", "mitre_technique": "T1560", "raw_log": "SRC=10.0.30.71 DST=95.223.204.191 RULE=ET MALWARE CobaltStrike Beacon ACTION=ALERT", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0079", "timestamp": "2024-11-15T09:11:28.000Z", "level": "ERROR", "severity": 7, "category": "dns", "rule_name": "ET SCAN Port Scan", "src_ip": "21.167.151.79", "src_port": 30327, "dst_ip": "10.0.50.44", "dst_port": 22, "protocol": "DNS", "action": "BLOCK", "hostname": "WS-028", "user": null, "mitre_tactic": "TA0001", "mitre_technique": "T1078", "raw_log": "SRC=21.167.151.79 DST=10.0.50.44 RULE=Sigma: Scheduled Task Creation ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0080", "timestamp": "2024-11-15T09:17:02.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "156.224.17.33", "src_port": 11079, "dst_ip": "200.187.185.99", "dst_port": 3306, "protocol": "SSH", "action": "DROP", "hostname": "WS-024", "user": "anowak", "mitre_tactic": "TA0010", "mitre_technique": "T1110", "raw_log": "SRC=156.224.17.33 DST=200.187.185.99 RULE=Sigma: Mimikatz Execution ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0081", "timestamp": "2024-11-15T09:22:45.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET MALWARE Meterpreter", "src_ip": "48.255.198.234", "src_port": 15086, "dst_ip": "10.0.20.200", "dst_port": 1433, "protocol": "HTTPS", "action": "ALERT", "hostname": "WS-013", "user": null, "mitre_tactic": "TA0002", "mitre_technique": "T1566.001", "raw_log": "SRC=48.255.198.234 DST=10.0.20.200 RULE=ET POLICY RDP from External ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0082", "timestamp": "2024-11-15T09:28:45.000Z", "level": "CRITICAL", "severity": 10, "category": "proxy", "rule_name": "Custom: High Entropy DNS", "src_ip": "10.0.1.142", "src_port": 61797, "dst_ip": "10.0.20.219", "dst_port": 3389, "protocol": "ICMP", "action": "DROP", "hostname": "SRV-04", "user": null, "mitre_tactic": "TA0004", "mitre_technique": "T1560", "raw_log": "SRC=10.0.1.142 DST=10.0.20.219 RULE=ET POLICY RDP from External ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0083", "timestamp": "2024-11-15T09:37:45.000Z", "level": "WARNING", "severity": 3, "category": "proxy", "rule_name": "Custom: High Entropy DNS", "src_ip": "10.0.2.158", "src_port": 32393, "dst_ip": "10.0.1.81", "dst_port": 445, "protocol": "FTP", "action": "ALERT", "hostname": "SRV-08", "user": null, "mitre_tactic": "TA0006", "mitre_technique": "T1082", "raw_log": "SRC=10.0.2.158 DST=10.0.1.81 RULE=ET MALWARE CobaltStrike Beacon ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0084", "timestamp": "2024-11-15T09:41:33.000Z", "level": "INFO", "severity": 1, "category": "endpoint", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.2.112", "src_port": 20955, "dst_ip": "10.0.0.214", "dst_port": 25, "protocol": "ICMP", "action": "DROP", "hostname": "FS-01", "user": null, "mitre_tactic": "TA0009", "mitre_technique": "T1027", "raw_log": "SRC=10.0.2.112 DST=10.0.0.214 RULE=ET TROJAN Emotet Variant ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0085", "timestamp": "2024-11-15T09:53:39.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "Custom: High Entropy DNS", "src_ip": "10.0.1.130", "src_port": 60137, "dst_ip": "10.0.2.45", "dst_port": 1433, "protocol": "DNS", "action": "BLOCK", "hostname": "WS-003", "user": "jkowalski", "mitre_tactic": "TA0002", "mitre_technique": "T1059.001", "raw_log": "SRC=10.0.1.130 DST=10.0.2.45 RULE=Sigma: Scheduled Task Creation ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0086", "timestamp": "2024-11-15T10:01:51.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.20.166", "src_port": 27637, "dst_ip": "10.0.100.64", "dst_port": 80, "protocol": "SSH", "action": "ALLOW", "hostname": "DC-02", "user": null, "mitre_tactic": "TA0008", "mitre_technique": "T1071", "raw_log": "SRC=10.0.20.166 DST=10.0.100.64 RULE=ET MALWARE Meterpreter ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0087", "timestamp": "2024-11-15T10:06:06.000Z", "level": "INFO", "severity": 1, "category": "proxy", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.30.251", "src_port": 16866, "dst_ip": "10.0.30.133", "dst_port": 443, "protocol": "UDP", "action": "DROP", "hostname": "WS-029", "user": null, "mitre_tactic": "TA0002", "mitre_technique": "T1059.001", "raw_log": "SRC=10.0.30.251 DST=10.0.30.133 RULE=ET TROJAN Emotet Variant ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0088", "timestamp": "2024-11-15T10:12:31.000Z", "level": "CRITICAL", "severity": 10, "category": "endpoint", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "10.0.30.50", "src_port": 21244, "dst_ip": "10.0.100.133", "dst_port": 443, "protocol": "TCP", "action": "ALLOW", "hostname": "WS-026", "user": "mwojcik", "mitre_tactic": "TA0004", "mitre_technique": "T1003", "raw_log": "SRC=10.0.30.50 DST=10.0.100.133 RULE=ET SCAN Port Scan ACTION=ALLOW", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0089", "timestamp": "2024-11-15T10:19:23.000Z", "level": "ERROR", "severity": 7, "category": "email", "rule_name": "ET SCAN Nmap Scan", "src_ip": "3.55.220.35", "src_port": 27276, "dst_ip": "10.0.30.197", "dst_port": 22, "protocol": "RDP", "action": "BLOCK", "hostname": "WS-013", "user": "agórecka", "mitre_tactic": "TA0002", "mitre_technique": "T1071", "raw_log": "SRC=3.55.220.35 DST=10.0.30.197 RULE=Sigma: Mimikatz Execution ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0090", "timestamp": "2024-11-15T10:24:12.000Z", "level": "CRITICAL", "severity": 10, "category": "ids", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "25.201.191.204", "src_port": 34389, "dst_ip": "10.0.30.195", "dst_port": 139, "protocol": "SMB", "action": "ALLOW", "hostname": "WS-003", "user": null, "mitre_tactic": "TA0006", "mitre_technique": "T1560", "raw_log": "SRC=25.201.191.204 DST=10.0.30.195 RULE=ET MALWARE Meterpreter ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0091", "timestamp": "2024-11-15T10:32:32.000Z", "level": "WARNING", "severity": 3, "category": "proxy", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.30.43", "src_port": 34428, "dst_ip": "10.0.20.153", "dst_port": 445, "protocol": "SSH", "action": "BLOCK", "hostname": "WS-020", "user": "jkowalski", "mitre_tactic": "TA0006", "mitre_technique": "T1021.001", "raw_log": "SRC=10.0.30.43 DST=10.0.20.153 RULE=Sigma: Scheduled Task Creation ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0092", "timestamp": "2024-11-15T10:37:37.000Z", "level": "ERROR", "severity": 7, "category": "firewall", "rule_name": "ET MALWARE Meterpreter", "src_ip": "10.0.20.249", "src_port": 12198, "dst_ip": "10.0.10.186", "dst_port": 445, "protocol": "RDP", "action": "ALERT", "hostname": "WS-010", "user": "mwojcik", "mitre_tactic": "TA0001", "mitre_technique": "T1003", "raw_log": "SRC=10.0.20.249 DST=10.0.10.186 RULE=Custom: High Entropy DNS ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0093", "timestamp": "2024-11-15T10:50:47.000Z", "level": "WARNING", "severity": 3, "category": "vpn", "rule_name": "Custom: High Entropy DNS", "src_ip": "10.0.50.130", "src_port": 5105, "dst_ip": "10.0.100.225", "dst_port": 3389, "protocol": "ICMP", "action": "BLOCK", "hostname": "WS-014", "user": "svc_backup", "mitre_tactic": "TA0008", "mitre_technique": "T1047", "raw_log": "SRC=10.0.50.130 DST=10.0.100.225 RULE=ET EXPLOIT EternalBlue ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0094", "timestamp": "2024-11-15T10:55:19.000Z", "level": "WARNING", "severity": 3, "category": "proxy", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "10.0.20.158", "src_port": 62725, "dst_ip": "10.0.10.73", "dst_port": 80, "protocol": "HTTPS", "action": "DENY", "hostname": "DC-02", "user": "tmazur", "mitre_tactic": "TA0008", "mitre_technique": "T1021.001", "raw_log": "SRC=10.0.20.158 DST=10.0.10.73 RULE=Sigma: Mimikatz Execution ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0095", "timestamp": "2024-11-15T11:01:41.000Z", "level": "WARNING", "severity": 3, "category": "vpn", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "10.0.2.76", "src_port": 50001, "dst_ip": "183.40.177.237", "dst_port": 443, "protocol": "HTTP", "action": "DENY", "hostname": "SRV-06", "user": null, "mitre_tactic": "TA0009", "mitre_technique": "T1016", "raw_log": "SRC=10.0.2.76 DST=183.40.177.237 RULE=ET TROJAN Emotet Variant ACTION=DENY", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0096", "timestamp": "2024-11-15T11:08:06.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.10.165", "src_port": 51536, "dst_ip": "26.211.169.184", "dst_port": 25, "protocol": "TCP", "action": "BLOCK", "hostname": "WS-011", "user": "bwiśniewski", "mitre_tactic": "TA0008", "mitre_technique": "T1082", "raw_log": "SRC=10.0.10.165 DST=26.211.169.184 RULE=ET INFO DNS Lookup Known C2 ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0097", "timestamp": "2024-11-15T11:13:26.000Z", "level": "CRITICAL", "severity": 10, "category": "ids", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "10.0.10.138", "src_port": 55917, "dst_ip": "10.0.0.235", "dst_port": 25, "protocol": "TCP", "action": "ALERT", "hostname": "SRV-03", "user": null, "mitre_tactic": "TA0005", "mitre_technique": "T1027", "raw_log": "SRC=10.0.10.138 DST=10.0.0.235 RULE=ET SCAN Nmap Scan ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0098", "timestamp": "2024-11-15T11:25:07.000Z", "level": "CRITICAL", "severity": 10, "category": "proxy", "rule_name": "ET SCAN Port Scan", "src_ip": "165.252.68.218", "src_port": 11673, "dst_ip": "10.0.20.51", "dst_port": 3389, "protocol": "SSH", "action": "DROP", "hostname": "FS-01", "user": null, "mitre_tactic": "TA0006", "mitre_technique": "T1560", "raw_log": "SRC=165.252.68.218 DST=10.0.20.51 RULE=ET TROJAN Emotet Variant ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0099", "timestamp": "2024-11-15T11:27:30.000Z", "level": "WARNING", "severity": 3, "category": "vpn", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.30.24", "src_port": 62354, "dst_ip": "10.0.1.49", "dst_port": 53, "protocol": "TCP", "action": "DROP", "hostname": "WS-025", "user": null, "mitre_tactic": "TA0005", "mitre_technique": "T1021.001", "raw_log": "SRC=10.0.30.24 DST=10.0.1.49 RULE=ET TROJAN Emotet Variant ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0100", "timestamp": "2024-11-15T11:33:40.000Z", "level": "WARNING", "severity": 3, "category": "auth", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "31.238.157.41", "src_port": 62669, "dst_ip": "10.0.20.178", "dst_port": 80, "protocol": "DNS", "action": "BLOCK", "hostname": "WS-015", "user": null, "mitre_tactic": "TA0003", "mitre_technique": "T1566.001", "raw_log": "SRC=31.238.157.41 DST=10.0.20.178 RULE=ET POLICY RDP from External ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0101", "timestamp": "2024-11-15T11:45:23.000Z", "level": "WARNING", "severity": 3, "category": "email", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "10.0.10.197", "src_port": 61136, "dst_ip": "194.41.228.136", "dst_port": 1433, "protocol": "UDP", "action": "ALLOW", "hostname": "SRV-07", "user": "mwojcik", "mitre_tactic": "TA0010", "mitre_technique": "T1047", "raw_log": "SRC=10.0.10.197 DST=194.41.228.136 RULE=ET POLICY RDP from External ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0102", "timestamp": "2024-11-15T11:47:29.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.100.25", "src_port": 34660, "dst_ip": "10.0.100.209", "dst_port": 139, "protocol": "SSH", "action": "BLOCK", "hostname": "WS-004", "user": "svc_backup", "mitre_tactic": "TA0005", "mitre_technique": "T1016", "raw_log": "SRC=10.0.100.25 DST=10.0.100.209 RULE=ET SCAN Nmap Scan ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0103", "timestamp": "2024-11-15T11:56:26.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET POLICY RDP from External", "src_ip": "89.32.30.240", "src_port": 51419, "dst_ip": "10.0.100.10", "dst_port": 25, "protocol": "FTP", "action": "DROP", "hostname": "WS-025", "user": "kzielinska", "mitre_tactic": "TA0007", "mitre_technique": "T1078", "raw_log": "SRC=89.32.30.240 DST=10.0.100.10 RULE=Sigma: Scheduled Task Creation ACTION=BLOCK", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0104", "timestamp": "2024-11-15T12:06:34.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.10.215", "src_port": 35884, "dst_ip": "6.152.237.173", "dst_port": 139, "protocol": "HTTP", "action": "DENY", "hostname": "SRV-01", "user": "agórecka", "mitre_tactic": "TA0004", "mitre_technique": "T1027", "raw_log": "SRC=10.0.10.215 DST=6.152.237.173 RULE=Custom: Powershell Download Cradle ACTION=ALLOW", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0105", "timestamp": "2024-11-15T12:13:02.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "18.51.17.115", "src_port": 29791, "dst_ip": "10.0.0.64", "dst_port": 53, "protocol": "SMB", "action": "DENY", "hostname": "PROXY-01", "user": "jkowalski", "mitre_tactic": "TA0003", "mitre_technique": "T1047", "raw_log": "SRC=18.51.17.115 DST=10.0.0.64 RULE=ET TROJAN Emotet Variant ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0106", "timestamp": "2024-11-15T12:18:03.000Z", "level": "INFO", "severity": 1, "category": "proxy", "rule_name": "ET SCAN Port Scan", "src_ip": "37.113.211.77", "src_port": 62731, "dst_ip": "143.89.218.143", "dst_port": 3306, "protocol": "FTP", "action": "BLOCK", "hostname": "WS-021", "user": "kzielinska", "mitre_tactic": "TA0003", "mitre_technique": "T1543", "raw_log": "SRC=37.113.211.77 DST=143.89.218.143 RULE=ET EXPLOIT EternalBlue ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0107", "timestamp": "2024-11-15T12:25:26.000Z", "level": "ERROR", "severity": 7, "category": "dns", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.2.208", "src_port": 35757, "dst_ip": "10.0.0.145", "dst_port": 25, "protocol": "FTP", "action": "DENY", "hostname": "WS-017", "user": null, "mitre_tactic": "TA0011", "mitre_technique": "T1078", "raw_log": "SRC=10.0.2.208 DST=10.0.0.145 RULE=Custom: Powershell Download Cradle ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0108", "timestamp": "2024-11-15T12:30:55.000Z", "level": "ERROR", "severity": 7, "category": "auth", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "97.20.37.49", "src_port": 22845, "dst_ip": "10.0.10.124", "dst_port": 80, "protocol": "TCP", "action": "DENY", "hostname": "WS-013", "user": "anowak", "mitre_tactic": "TA0008", "mitre_technique": "T1027", "raw_log": "SRC=97.20.37.49 DST=10.0.10.124 RULE=ET INFO DNS Lookup Known C2 ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0109", "timestamp": "2024-11-15T12:38:23.000Z", "level": "INFO", "severity": 1, "category": "proxy", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.50.121", "src_port": 58879, "dst_ip": "10.0.30.80", "dst_port": 443, "protocol": "SSH", "action": "ALLOW", "hostname": "FS-02", "user": "NT AUTHORITY", "mitre_tactic": "TA0006", "mitre_technique": "T1027", "raw_log": "SRC=10.0.50.121 DST=10.0.30.80 RULE=ET INFO DNS Lookup Known C2 ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0110", "timestamp": "2024-11-15T12:47:41.000Z", "level": "ERROR", "severity": 7, "category": "endpoint", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "142.213.151.40", "src_port": 23146, "dst_ip": "59.194.125.128", "dst_port": 80, "protocol": "SSH", "action": "ALERT", "hostname": "SRV-01", "user": null, "mitre_tactic": "TA0006", "mitre_technique": "T1110", "raw_log": "SRC=142.213.151.40 DST=59.194.125.128 RULE=ET POLICY RDP from External ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0111", "timestamp": "2024-11-15T12:50:26.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.1.243", "src_port": 56241, "dst_ip": "10.0.0.197", "dst_port": 3306, "protocol": "HTTP", "action": "ALLOW", "hostname": "FS-01", "user": null, "mitre_tactic": "TA0004", "mitre_technique": "T1047", "raw_log": "SRC=10.0.1.243 DST=10.0.0.197 RULE=ET MALWARE Meterpreter ACTION=DROP", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0112", "timestamp": "2024-11-15T12:57:33.000Z", "level": "CRITICAL", "severity": 10, "category": "email", "rule_name": "Custom: High Entropy DNS", "src_ip": "10.0.0.3", "src_port": 19029, "dst_ip": "10.0.50.5", "dst_port": 445, "protocol": "HTTPS", "action": "ALLOW", "hostname": "SRV-04", "user": "svc_backup", "mitre_tactic": "TA0007", "mitre_technique": "T1560", "raw_log": "SRC=10.0.0.3 DST=10.0.50.5 RULE=Custom: Powershell Download Cradle ACTION=DENY", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0113", "timestamp": "2024-11-15T13:06:25.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "ET MALWARE Meterpreter", "src_ip": "10.0.20.210", "src_port": 38051, "dst_ip": "10.0.50.22", "dst_port": 53, "protocol": "HTTP", "action": "DROP", "hostname": "DC-01", "user": "anowak", "mitre_tactic": "TA0011", "mitre_technique": "T1048", "raw_log": "SRC=10.0.20.210 DST=10.0.50.22 RULE=Sigma: Scheduled Task Creation ACTION=ALLOW", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0114", "timestamp": "2024-11-15T13:17:21.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "10.0.2.23", "src_port": 65074, "dst_ip": "10.0.50.167", "dst_port": 8080, "protocol": "UDP", "action": "BLOCK", "hostname": "WS-003", "user": null, "mitre_tactic": "TA0010", "mitre_technique": "T1566.001", "raw_log": "SRC=10.0.2.23 DST=10.0.50.167 RULE=ET TROJAN Emotet Variant ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0115", "timestamp": "2024-11-15T13:19:36.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "218.161.8.247", "src_port": 38162, "dst_ip": "37.203.39.77", "dst_port": 8080, "protocol": "FTP", "action": "BLOCK", "hostname": "WS-022", "user": "svc_scan", "mitre_tactic": "TA0003", "mitre_technique": "T1560", "raw_log": "SRC=218.161.8.247 DST=37.203.39.77 RULE=Custom: High Entropy DNS ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0116", "timestamp": "2024-11-15T13:27:50.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "ET MALWARE Meterpreter", "src_ip": "20.174.203.249", "src_port": 33176, "dst_ip": "10.0.0.164", "dst_port": 53, "protocol": "DNS", "action": "BLOCK", "hostname": "WS-025", "user": "svc_backup", "mitre_tactic": "TA0010", "mitre_technique": "T1082", "raw_log": "SRC=20.174.203.249 DST=10.0.0.164 RULE=ET EXPLOIT EternalBlue ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0117", "timestamp": "2024-11-15T13:32:00.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "40.194.78.190", "src_port": 30170, "dst_ip": "10.0.30.29", "dst_port": 135, "protocol": "HTTPS", "action": "ALLOW", "hostname": "WS-009", "user": null, "mitre_tactic": "TA0007", "mitre_technique": "T1566.001", "raw_log": "SRC=40.194.78.190 DST=10.0.30.29 RULE=Sigma: Mimikatz Execution ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0118", "timestamp": "2024-11-15T13:42:49.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "10.0.30.223", "src_port": 48527, "dst_ip": "10.0.20.107", "dst_port": 8443, "protocol": "SMB", "action": "DENY", "hostname": "SRV-08", "user": "svc_backup", "mitre_tactic": "TA0007", "mitre_technique": "T1110", "raw_log": "SRC=10.0.30.223 DST=10.0.20.107 RULE=ET POLICY RDP from External ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0119", "timestamp": "2024-11-15T13:46:08.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "77.247.39.93", "src_port": 1467, "dst_ip": "64.253.100.118", "dst_port": 139, "protocol": "DNS", "action": "BLOCK", "hostname": "WS-025", "user": "tmazur", "mitre_tactic": "TA0008", "mitre_technique": "T1021.001", "raw_log": "SRC=77.247.39.93 DST=64.253.100.118 RULE=ET EXPLOIT EternalBlue ACTION=BLOCK", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0120", "timestamp": "2024-11-15T13:58:44.000Z", "level": "CRITICAL", "severity": 10, "category": "auth", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.2.248", "src_port": 33202, "dst_ip": "10.0.30.76", "dst_port": 1433, "protocol": "HTTP", "action": "DROP", "hostname": "WS-025", "user": null, "mitre_tactic": "TA0007", "mitre_technique": "T1021.001", "raw_log": "SRC=10.0.2.248 DST=10.0.30.76 RULE=ET MALWARE CobaltStrike Beacon ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0121", "timestamp": "2024-11-15T14:02:53.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "Custom: High Entropy DNS", "src_ip": "10.0.100.243", "src_port": 5556, "dst_ip": "10.0.100.206", "dst_port": 8080, "protocol": "FTP", "action": "ALERT", "hostname": "WS-009", "user": "mwojcik", "mitre_tactic": "TA0005", "mitre_technique": "T1082", "raw_log": "SRC=10.0.100.243 DST=10.0.100.206 RULE=ET POLICY RDP from External ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0122", "timestamp": "2024-11-15T14:08:42.000Z", "level": "CRITICAL", "severity": 10, "category": "email", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.50.141", "src_port": 24289, "dst_ip": "93.43.55.197", "dst_port": 25, "protocol": "RDP", "action": "ALLOW", "hostname": "SRV-08", "user": "svc_backup", "mitre_tactic": "TA0011", "mitre_technique": "T1071", "raw_log": "SRC=10.0.50.141 DST=93.43.55.197 RULE=Custom: Mass Auth Failure ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0123", "timestamp": "2024-11-15T14:14:30.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "192.113.228.96", "src_port": 20385, "dst_ip": "10.0.2.90", "dst_port": 139, "protocol": "UDP", "action": "ALLOW", "hostname": "FS-02", "user": null, "mitre_tactic": "TA0005", "mitre_technique": "T1021.001", "raw_log": "SRC=192.113.228.96 DST=10.0.2.90 RULE=ET MALWARE Meterpreter ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0124", "timestamp": "2024-11-15T14:27:10.000Z", "level": "INFO", "severity": 1, "category": "email", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "77.22.58.6", "src_port": 65504, "dst_ip": "10.0.1.175", "dst_port": 3389, "protocol": "HTTP", "action": "BLOCK", "hostname": "WS-012", "user": "tmazur", "mitre_tactic": "TA0009", "mitre_technique": "T1071", "raw_log": "SRC=77.22.58.6 DST=10.0.1.175 RULE=ET MALWARE Meterpreter ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0125", "timestamp": "2024-11-15T14:29:13.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "189.101.230.152", "src_port": 50328, "dst_ip": "10.0.0.182", "dst_port": 3389, "protocol": "UDP", "action": "BLOCK", "hostname": "WS-007", "user": "mlewandowski", "mitre_tactic": "TA0003", "mitre_technique": "T1021.001", "raw_log": "SRC=189.101.230.152 DST=10.0.0.182 RULE=ET SCAN Port Scan ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0126", "timestamp": "2024-11-15T14:40:45.000Z", "level": "ERROR", "severity": 7, "category": "proxy", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.50.152", "src_port": 20517, "dst_ip": "91.234.88.209", "dst_port": 8443, "protocol": "RDP", "action": "BLOCK", "hostname": "WS-006", "user": "tmazur", "mitre_tactic": "TA0002", "mitre_technique": "T1055", "raw_log": "SRC=10.0.50.152 DST=91.234.88.209 RULE=ET TROJAN Emotet Variant ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0127", "timestamp": "2024-11-15T14:44:08.000Z", "level": "WARNING", "severity": 3, "category": "vpn", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.50.110", "src_port": 21640, "dst_ip": "163.88.85.126", "dst_port": 8080, "protocol": "SSH", "action": "BLOCK", "hostname": "WS-004", "user": "jkowalski", "mitre_tactic": "TA0008", "mitre_technique": "T1110", "raw_log": "SRC=10.0.50.110 DST=163.88.85.126 RULE=ET INFO DNS Lookup Known C2 ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0128", "timestamp": "2024-11-15T14:49:17.000Z", "level": "WARNING", "severity": 3, "category": "email", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "10.0.100.127", "src_port": 36256, "dst_ip": "145.15.112.75", "dst_port": 80, "protocol": "ICMP", "action": "ALERT", "hostname": "SRV-08", "user": "SYSTEM", "mitre_tactic": "TA0008", "mitre_technique": "T1047", "raw_log": "SRC=10.0.100.127 DST=145.15.112.75 RULE=Sigma: Mimikatz Execution ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0129", "timestamp": "2024-11-15T14:56:47.000Z", "level": "WARNING", "severity": 3, "category": "proxy", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.0.196", "src_port": 43863, "dst_ip": "10.0.10.110", "dst_port": 4444, "protocol": "HTTP", "action": "DROP", "hostname": "WS-003", "user": "tmazur", "mitre_tactic": "TA0002", "mitre_technique": "T1566.001", "raw_log": "SRC=10.0.0.196 DST=10.0.10.110 RULE=Custom: Unusual Port 4444 ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0130", "timestamp": "2024-11-15T15:04:51.000Z", "level": "ERROR", "severity": 7, "category": "proxy", "rule_name": "ET SCAN Nmap Scan", "src_ip": "10.0.50.44", "src_port": 38384, "dst_ip": "10.0.10.210", "dst_port": 135, "protocol": "SMB", "action": "DROP", "hostname": "SRV-10", "user": "tmazur", "mitre_tactic": "TA0005", "mitre_technique": "T1543", "raw_log": "SRC=10.0.50.44 DST=10.0.10.210 RULE=Sigma: PsExec Lateral Movement ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0131", "timestamp": "2024-11-15T15:16:08.000Z", "level": "CRITICAL", "severity": 10, "category": "ids", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "193.210.30.71", "src_port": 10608, "dst_ip": "10.0.2.181", "dst_port": 3389, "protocol": "DNS", "action": "DENY", "hostname": "PROXY-01", "user": "kzielinska", "mitre_tactic": "TA0008", "mitre_technique": "T1110", "raw_log": "SRC=193.210.30.71 DST=10.0.2.181 RULE=Sigma: PsExec Lateral Movement ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0132", "timestamp": "2024-11-15T15:20:20.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "10.0.20.179", "src_port": 1186, "dst_ip": "10.0.30.118", "dst_port": 8080, "protocol": "UDP", "action": "ALERT", "hostname": "SRV-12", "user": "tmazur", "mitre_tactic": "TA0002", "mitre_technique": "T1560", "raw_log": "SRC=10.0.20.179 DST=10.0.30.118 RULE=Sigma: Mimikatz Execution ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0133", "timestamp": "2024-11-15T15:29:48.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "ET SCAN Nmap Scan", "src_ip": "73.172.66.145", "src_port": 4034, "dst_ip": "10.0.30.230", "dst_port": 23, "protocol": "SSH", "action": "ALLOW", "hostname": "WS-008", "user": "pkaminski", "mitre_tactic": "TA0008", "mitre_technique": "T1566.001", "raw_log": "SRC=73.172.66.145 DST=10.0.30.230 RULE=ET SCAN Nmap Scan ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0134", "timestamp": "2024-11-15T15:36:19.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "Custom: High Entropy DNS", "src_ip": "71.47.184.65", "src_port": 46862, "dst_ip": "171.84.26.102", "dst_port": 4444, "protocol": "HTTP", "action": "ALERT", "hostname": "SRV-13", "user": null, "mitre_tactic": "TA0002", "mitre_technique": "T1059.001", "raw_log": "SRC=71.47.184.65 DST=171.84.26.102 RULE=ET INFO DNS Lookup Known C2 ACTION=ALERT", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0135", "timestamp": "2024-11-15T15:38:14.000Z", "level": "WARNING", "severity": 3, "category": "email", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "179.175.61.253", "src_port": 6878, "dst_ip": "10.0.2.124", "dst_port": 3389, "protocol": "UDP", "action": "ALLOW", "hostname": "WS-021", "user": "agórecka", "mitre_tactic": "TA0003", "mitre_technique": "T1071", "raw_log": "SRC=179.175.61.253 DST=10.0.2.124 RULE=Custom: Mass Auth Failure ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0136", "timestamp": "2024-11-15T15:50:09.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "10.0.2.114", "src_port": 28005, "dst_ip": "10.0.10.162", "dst_port": 1433, "protocol": "SSH", "action": "DENY", "hostname": "WS-006", "user": "pkaminski", "mitre_tactic": "TA0002", "mitre_technique": "T1003", "raw_log": "SRC=10.0.2.114 DST=10.0.10.162 RULE=Custom: High Entropy DNS ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0137", "timestamp": "2024-11-15T15:58:42.000Z", "level": "ERROR", "severity": 7, "category": "auth", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "22.127.145.200", "src_port": 20792, "dst_ip": "10.0.0.219", "dst_port": 53, "protocol": "SMB", "action": "BLOCK", "hostname": "SRV-04", "user": null, "mitre_tactic": "TA0007", "mitre_technique": "T1543", "raw_log": "SRC=22.127.145.200 DST=10.0.0.219 RULE=Sigma: Scheduled Task Creation ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0138", "timestamp": "2024-11-15T16:02:55.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "Custom: Unusual Port 4444", "src_ip": "128.36.6.253", "src_port": 38273, "dst_ip": "10.0.30.35", "dst_port": 139, "protocol": "DNS", "action": "BLOCK", "hostname": "DC-01", "user": null, "mitre_tactic": "TA0008", "mitre_technique": "T1560", "raw_log": "SRC=128.36.6.253 DST=10.0.30.35 RULE=ET MALWARE CobaltStrike Beacon ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0139", "timestamp": "2024-11-15T16:09:05.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.50.131", "src_port": 36188, "dst_ip": "183.212.216.180", "dst_port": 445, "protocol": "RDP", "action": "DENY", "hostname": "WS-018", "user": null, "mitre_tactic": "TA0002", "mitre_technique": "T1047", "raw_log": "SRC=10.0.50.131 DST=183.212.216.180 RULE=Custom: Powershell Download Cradle ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0140", "timestamp": "2024-11-15T16:17:03.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "112.122.29.63", "src_port": 44676, "dst_ip": "112.59.232.157", "dst_port": 3389, "protocol": "ICMP", "action": "ALLOW", "hostname": "WS-001", "user": "svc_scan", "mitre_tactic": "TA0001", "mitre_technique": "T1110", "raw_log": "SRC=112.122.29.63 DST=112.59.232.157 RULE=ET MALWARE Meterpreter ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0141", "timestamp": "2024-11-15T16:23:17.000Z", "level": "ERROR", "severity": 7, "category": "endpoint", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "192.137.60.198", "src_port": 5209, "dst_ip": "10.0.30.208", "dst_port": 80, "protocol": "RDP", "action": "ALLOW", "hostname": "SRV-03", "user": "tmazur", "mitre_tactic": "TA0001", "mitre_technique": "T1566.001", "raw_log": "SRC=192.137.60.198 DST=10.0.30.208 RULE=Custom: Unusual Port 4444 ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0142", "timestamp": "2024-11-15T16:30:23.000Z", "level": "ERROR", "severity": 7, "category": "ids", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "131.1.22.220", "src_port": 61331, "dst_ip": "10.0.10.13", "dst_port": 25, "protocol": "ICMP", "action": "ALLOW", "hostname": "SRV-07", "user": "svc_scan", "mitre_tactic": "TA0011", "mitre_technique": "T1071", "raw_log": "SRC=131.1.22.220 DST=10.0.10.13 RULE=ET INFO DNS Lookup Known C2 ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0143", "timestamp": "2024-11-15T16:35:51.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.1.130", "src_port": 65341, "dst_ip": "10.0.0.47", "dst_port": 22, "protocol": "FTP", "action": "ALLOW", "hostname": "SRV-01", "user": "SYSTEM", "mitre_tactic": "TA0005", "mitre_technique": "T1021.001", "raw_log": "SRC=10.0.1.130 DST=10.0.0.47 RULE=ET MALWARE CobaltStrike Beacon ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0144", "timestamp": "2024-11-15T16:47:12.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "Custom: High Entropy DNS", "src_ip": "10.0.10.120", "src_port": 60035, "dst_ip": "10.0.100.199", "dst_port": 445, "protocol": "HTTP", "action": "DENY", "hostname": "WS-001", "user": "jkowalski", "mitre_tactic": "TA0004", "mitre_technique": "T1047", "raw_log": "SRC=10.0.10.120 DST=10.0.100.199 RULE=ET SCAN Port Scan ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0145", "timestamp": "2024-11-15T16:50:05.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "ET SCAN Nmap Scan", "src_ip": "136.121.214.126", "src_port": 61400, "dst_ip": "10.0.2.184", "dst_port": 53, "protocol": "SMB", "action": "ALERT", "hostname": "DC-02", "user": "bwiśniewski", "mitre_tactic": "TA0002", "mitre_technique": "T1003", "raw_log": "SRC=136.121.214.126 DST=10.0.2.184 RULE=ET MALWARE CobaltStrike Beacon ACTION=BLOCK", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0146", "timestamp": "2024-11-15T17:01:47.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.2.62", "src_port": 21868, "dst_ip": "218.161.201.180", "dst_port": 443, "protocol": "HTTPS", "action": "DENY", "hostname": "WS-005", "user": "pkaminski", "mitre_tactic": "TA0010", "mitre_technique": "T1078", "raw_log": "SRC=10.0.2.62 DST=218.161.201.180 RULE=ET POLICY RDP from External ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0147", "timestamp": "2024-11-15T17:02:05.000Z", "level": "WARNING", "severity": 3, "category": "proxy", "rule_name": "ET POLICY RDP from External", "src_ip": "10.0.10.117", "src_port": 53950, "dst_ip": "10.0.20.220", "dst_port": 3306, "protocol": "HTTPS", "action": "BLOCK", "hostname": "WS-003", "user": null, "mitre_tactic": "TA0006", "mitre_technique": "T1110", "raw_log": "SRC=10.0.10.117 DST=10.0.20.220 RULE=ET MALWARE CobaltStrike Beacon ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0148", "timestamp": "2024-11-15T17:12:06.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "Custom: Mass Auth Failure", "src_ip": "45.15.207.219", "src_port": 53047, "dst_ip": "10.0.10.26", "dst_port": 25, "protocol": "UDP", "action": "ALLOW", "hostname": "WS-004", "user": "mwojcik", "mitre_tactic": "TA0003", "mitre_technique": "T1055", "raw_log": "SRC=45.15.207.219 DST=10.0.10.26 RULE=Custom: Unusual Port 4444 ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0149", "timestamp": "2024-11-15T17:21:28.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.1.7", "src_port": 9464, "dst_ip": "10.0.10.233", "dst_port": 23, "protocol": "DNS", "action": "ALLOW", "hostname": "WS-003", "user": "jkowalski", "mitre_tactic": "TA0003", "mitre_technique": "T1027", "raw_log": "SRC=10.0.1.7 DST=10.0.10.233 RULE=Sigma: PsExec Lateral Movement ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0150", "timestamp": "2024-11-15T17:27:39.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "55.95.140.72", "src_port": 17131, "dst_ip": "10.0.2.10", "dst_port": 3306, "protocol": "HTTPS", "action": "ALERT", "hostname": "WS-027", "user": "bwiśniewski", "mitre_tactic": "TA0001", "mitre_technique": "T1078", "raw_log": "SRC=55.95.140.72 DST=10.0.2.10 RULE=ET TROJAN Emotet Variant ACTION=ALERT", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0151", "timestamp": "2024-11-15T17:34:50.000Z", "level": "ERROR", "severity": 7, "category": "auth", "rule_name": "ET MALWARE Meterpreter", "src_ip": "10.0.0.99", "src_port": 23570, "dst_ip": "10.0.30.124", "dst_port": 8443, "protocol": "RDP", "action": "BLOCK", "hostname": "WS-021", "user": "pkaminski", "mitre_tactic": "TA0001", "mitre_technique": "T1021.001", "raw_log": "SRC=10.0.0.99 DST=10.0.30.124 RULE=Sigma: PsExec Lateral Movement ACTION=DENY", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0152", "timestamp": "2024-11-15T17:43:50.000Z", "level": "INFO", "severity": 1, "category": "email", "rule_name": "Custom: Powershell Download Cradle", "src_ip": "10.0.10.251", "src_port": 49327, "dst_ip": "64.123.136.137", "dst_port": 22, "protocol": "HTTP", "action": "BLOCK", "hostname": "WS-025", "user": "NT AUTHORITY", "mitre_tactic": "TA0003", "mitre_technique": "T1110", "raw_log": "SRC=10.0.10.251 DST=64.123.136.137 RULE=ET INFO DNS Lookup Known C2 ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0153", "timestamp": "2024-11-15T17:45:53.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.30.244", "src_port": 58802, "dst_ip": "10.0.2.146", "dst_port": 443, "protocol": "SMB", "action": "DROP", "hostname": "WS-012", "user": "anowak", "mitre_tactic": "TA0001", "mitre_technique": "T1055", "raw_log": "SRC=10.0.30.244 DST=10.0.2.146 RULE=Sigma: PsExec Lateral Movement ACTION=DENY", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0154", "timestamp": "2024-11-15T17:52:37.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "Custom: High Entropy DNS", "src_ip": "10.0.30.185", "src_port": 61135, "dst_ip": "206.165.30.6", "dst_port": 25, "protocol": "UDP", "action": "BLOCK", "hostname": "WS-024", "user": "tmazur", "mitre_tactic": "TA0011", "mitre_technique": "T1071", "raw_log": "SRC=10.0.30.185 DST=206.165.30.6 RULE=Sigma: PsExec Lateral Movement ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0155", "timestamp": "2024-11-15T18:03:37.000Z", "level": "CRITICAL", "severity": 10, "category": "vpn", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.100.168", "src_port": 12515, "dst_ip": "10.0.30.59", "dst_port": 139, "protocol": "HTTPS", "action": "DROP", "hostname": "WS-009", "user": null, "mitre_tactic": "TA0001", "mitre_technique": "T1016", "raw_log": "SRC=10.0.100.168 DST=10.0.30.59 RULE=Sigma: PsExec Lateral Movement ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0156", "timestamp": "2024-11-15T18:07:47.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "10.0.10.165", "src_port": 16621, "dst_ip": "10.0.100.38", "dst_port": 135, "protocol": "DNS", "action": "DENY", "hostname": "SRV-12", "user": "anowak", "mitre_tactic": "TA0011", "mitre_technique": "T1082", "raw_log": "SRC=10.0.10.165 DST=10.0.100.38 RULE=Custom: High Entropy DNS ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0157", "timestamp": "2024-11-15T18:13:56.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "202.55.0.13", "src_port": 33338, "dst_ip": "10.0.50.250", "dst_port": 8443, "protocol": "FTP", "action": "DROP", "hostname": "SRV-06", "user": "NT AUTHORITY", "mitre_tactic": "TA0008", "mitre_technique": "T1560", "raw_log": "SRC=202.55.0.13 DST=10.0.50.250 RULE=Custom: Unusual Port 4444 ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0158", "timestamp": "2024-11-15T18:20:56.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.0.77", "src_port": 11569, "dst_ip": "67.53.37.88", "dst_port": 3389, "protocol": "UDP", "action": "BLOCK", "hostname": "WS-006", "user": "admin", "mitre_tactic": "TA0008", "mitre_technique": "T1016", "raw_log": "SRC=10.0.0.77 DST=67.53.37.88 RULE=ET SCAN Nmap Scan ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0159", "timestamp": "2024-11-15T18:28:19.000Z", "level": "ERROR", "severity": 7, "category": "endpoint", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "85.105.97.105", "src_port": 7309, "dst_ip": "10.0.20.171", "dst_port": 22, "protocol": "FTP", "action": "BLOCK", "hostname": "SRV-07", "user": "pkaminski", "mitre_tactic": "TA0001", "mitre_technique": "T1021.001", "raw_log": "SRC=85.105.97.105 DST=10.0.20.171 RULE=ET SCAN Nmap Scan ACTION=ALERT", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0160", "timestamp": "2024-11-15T18:39:25.000Z", "level": "WARNING", "severity": 3, "category": "email", "rule_name": "ET MALWARE Meterpreter", "src_ip": "7.105.87.164", "src_port": 33077, "dst_ip": "21.242.59.79", "dst_port": 8443, "protocol": "HTTPS", "action": "ALLOW", "hostname": "SRV-13", "user": "pkaminski", "mitre_tactic": "TA0006", "mitre_technique": "T1027", "raw_log": "SRC=7.105.87.164 DST=21.242.59.79 RULE=ET EXPLOIT EternalBlue ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0161", "timestamp": "2024-11-15T18:45:22.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "Custom: Mass Auth Failure", "src_ip": "69.31.77.193", "src_port": 36508, "dst_ip": "10.0.1.23", "dst_port": 139, "protocol": "RDP", "action": "DENY", "hostname": "SRV-07", "user": null, "mitre_tactic": "TA0007", "mitre_technique": "T1048", "raw_log": "SRC=69.31.77.193 DST=10.0.1.23 RULE=Sigma: Mimikatz Execution ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0162", "timestamp": "2024-11-15T18:51:57.000Z", "level": "CRITICAL", "severity": 10, "category": "auth", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.1.103", "src_port": 53482, "dst_ip": "10.0.0.130", "dst_port": 1433, "protocol": "RDP", "action": "DENY", "hostname": "WS-008", "user": "bwiśniewski", "mitre_tactic": "TA0003", "mitre_technique": "T1110", "raw_log": "SRC=10.0.1.103 DST=10.0.0.130 RULE=ET INFO DNS Lookup Known C2 ACTION=DENY", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0163", "timestamp": "2024-11-15T18:57:35.000Z", "level": "CRITICAL", "severity": 10, "category": "vpn", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "211.75.132.82", "src_port": 37203, "dst_ip": "10.0.1.24", "dst_port": 135, "protocol": "HTTPS", "action": "BLOCK", "hostname": "SRV-01", "user": "jkowalski", "mitre_tactic": "TA0010", "mitre_technique": "T1003", "raw_log": "SRC=211.75.132.82 DST=10.0.1.24 RULE=Sigma: Mimikatz Execution ACTION=ALERT", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0164", "timestamp": "2024-11-15T19:04:41.000Z", "level": "WARNING", "severity": 3, "category": "ids", "rule_name": "ET MALWARE Meterpreter", "src_ip": "10.0.1.203", "src_port": 38512, "dst_ip": "138.176.210.68", "dst_port": 1433, "protocol": "SSH", "action": "ALLOW", "hostname": "WS-012", "user": null, "mitre_tactic": "TA0003", "mitre_technique": "T1003", "raw_log": "SRC=10.0.1.203 DST=138.176.210.68 RULE=Sigma: PsExec Lateral Movement ACTION=ALERT", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0165", "timestamp": "2024-11-15T19:10:53.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "ET MALWARE Meterpreter", "src_ip": "122.137.190.6", "src_port": 57269, "dst_ip": "10.0.20.81", "dst_port": 3389, "protocol": "UDP", "action": "DENY", "hostname": "WS-009", "user": "svc_scan", "mitre_tactic": "TA0008", "mitre_technique": "T1560", "raw_log": "SRC=122.137.190.6 DST=10.0.20.81 RULE=Custom: Unusual Port 4444 ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0166", "timestamp": "2024-11-15T19:15:32.000Z", "level": "WARNING", "severity": 3, "category": "auth", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.50.191", "src_port": 11442, "dst_ip": "10.0.30.212", "dst_port": 23, "protocol": "HTTPS", "action": "BLOCK", "hostname": "WS-026", "user": null, "mitre_tactic": "TA0009", "mitre_technique": "T1027", "raw_log": "SRC=10.0.50.191 DST=10.0.30.212 RULE=Sigma: PsExec Lateral Movement ACTION=ALLOW", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0167", "timestamp": "2024-11-15T19:22:43.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "ET SCAN Nmap Scan", "src_ip": "117.25.184.181", "src_port": 16879, "dst_ip": "95.237.203.163", "dst_port": 135, "protocol": "SSH", "action": "BLOCK", "hostname": "WS-029", "user": null, "mitre_tactic": "TA0008", "mitre_technique": "T1003", "raw_log": "SRC=117.25.184.181 DST=95.237.203.163 RULE=Sigma: Mimikatz Execution ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0168", "timestamp": "2024-11-15T19:30:41.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "99.25.83.219", "src_port": 45437, "dst_ip": "10.0.10.221", "dst_port": 53, "protocol": "HTTPS", "action": "ALERT", "hostname": "SRV-04", "user": null, "mitre_tactic": "TA0011", "mitre_technique": "T1059.001", "raw_log": "SRC=99.25.83.219 DST=10.0.10.221 RULE=ET MALWARE Meterpreter ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0169", "timestamp": "2024-11-15T19:39:54.000Z", "level": "INFO", "severity": 1, "category": "dns", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.20.184", "src_port": 31104, "dst_ip": "10.0.20.110", "dst_port": 80, "protocol": "HTTP", "action": "ALERT", "hostname": "WS-020", "user": "NT AUTHORITY", "mitre_tactic": "TA0010", "mitre_technique": "T1071", "raw_log": "SRC=10.0.20.184 DST=10.0.20.110 RULE=Sigma: PsExec Lateral Movement ACTION=ALLOW", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0170", "timestamp": "2024-11-15T19:45:17.000Z", "level": "CRITICAL", "severity": 10, "category": "proxy", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.20.78", "src_port": 22332, "dst_ip": "10.0.100.18", "dst_port": 8080, "protocol": "HTTPS", "action": "DROP", "hostname": "SRV-13", "user": "svc_backup", "mitre_tactic": "TA0005", "mitre_technique": "T1055", "raw_log": "SRC=10.0.20.78 DST=10.0.100.18 RULE=ET POLICY RDP from External ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0171", "timestamp": "2024-11-15T19:53:25.000Z", "level": "ERROR", "severity": 7, "category": "vpn", "rule_name": "ET EXPLOIT EternalBlue", "src_ip": "10.0.2.186", "src_port": 49306, "dst_ip": "128.151.132.233", "dst_port": 22, "protocol": "RDP", "action": "BLOCK", "hostname": "WS-013", "user": "svc_scan", "mitre_tactic": "TA0004", "mitre_technique": "T1082", "raw_log": "SRC=10.0.2.186 DST=128.151.132.233 RULE=Sigma: Mimikatz Execution ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0172", "timestamp": "2024-11-15T20:02:57.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "ET SCAN Port Scan", "src_ip": "10.0.2.77", "src_port": 43913, "dst_ip": "33.132.93.243", "dst_port": 23, "protocol": "HTTP", "action": "DROP", "hostname": "WS-015", "user": "agórecka", "mitre_tactic": "TA0007", "mitre_technique": "T1560", "raw_log": "SRC=10.0.2.77 DST=33.132.93.243 RULE=Custom: Powershell Download Cradle ACTION=DROP", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0173", "timestamp": "2024-11-15T20:09:24.000Z", "level": "WARNING", "severity": 3, "category": "ids", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.1.122", "src_port": 20577, "dst_ip": "10.0.1.224", "dst_port": 139, "protocol": "TCP", "action": "DENY", "hostname": "WS-009", "user": "tmazur", "mitre_tactic": "TA0007", "mitre_technique": "T1003", "raw_log": "SRC=10.0.1.122 DST=10.0.1.224 RULE=Custom: Powershell Download Cradle ACTION=ALERT", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0174", "timestamp": "2024-11-15T20:13:13.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.2.82", "src_port": 51718, "dst_ip": "10.0.0.117", "dst_port": 25, "protocol": "RDP", "action": "DENY", "hostname": "SRV-03", "user": "SYSTEM", "mitre_tactic": "TA0002", "mitre_technique": "T1110", "raw_log": "SRC=10.0.2.82 DST=10.0.0.117 RULE=Sigma: PsExec Lateral Movement ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0175", "timestamp": "2024-11-15T20:18:40.000Z", "level": "CRITICAL", "severity": 10, "category": "vpn", "rule_name": "Custom: High Entropy DNS", "src_ip": "137.102.191.244", "src_port": 17330, "dst_ip": "83.97.9.174", "dst_port": 53, "protocol": "DNS", "action": "DROP", "hostname": "WS-009", "user": null, "mitre_tactic": "TA0009", "mitre_technique": "T1003", "raw_log": "SRC=137.102.191.244 DST=83.97.9.174 RULE=ET TROJAN Emotet Variant ACTION=DENY", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0176", "timestamp": "2024-11-15T20:28:22.000Z", "level": "CRITICAL", "severity": 10, "category": "email", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.30.113", "src_port": 13372, "dst_ip": "10.0.2.89", "dst_port": 25, "protocol": "FTP", "action": "ALLOW", "hostname": "WS-015", "user": null, "mitre_tactic": "TA0003", "mitre_technique": "T1055", "raw_log": "SRC=10.0.30.113 DST=10.0.2.89 RULE=Custom: High Entropy DNS ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0177", "timestamp": "2024-11-15T20:38:01.000Z", "level": "INFO", "severity": 1, "category": "firewall", "rule_name": "ET SCAN Nmap Scan", "src_ip": "164.130.24.153", "src_port": 46227, "dst_ip": "10.0.1.169", "dst_port": 23, "protocol": "FTP", "action": "ALERT", "hostname": "WS-025", "user": null, "mitre_tactic": "TA0005", "mitre_technique": "T1566.001", "raw_log": "SRC=164.130.24.153 DST=10.0.1.169 RULE=Custom: High Entropy DNS ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0178", "timestamp": "2024-11-15T20:45:57.000Z", "level": "INFO", "severity": 1, "category": "vpn", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "10.0.20.161", "src_port": 34551, "dst_ip": "10.0.2.109", "dst_port": 3389, "protocol": "RDP", "action": "ALLOW", "hostname": "WS-019", "user": null, "mitre_tactic": "TA0002", "mitre_technique": "T1566.001", "raw_log": "SRC=10.0.20.161 DST=10.0.2.109 RULE=ET INFO DNS Lookup Known C2 ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0179", "timestamp": "2024-11-15T20:49:21.000Z", "level": "WARNING", "severity": 3, "category": "auth", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "105.151.82.11", "src_port": 1203, "dst_ip": "10.0.10.178", "dst_port": 22, "protocol": "UDP", "action": "ALLOW", "hostname": "SRV-08", "user": "pkaminski", "mitre_tactic": "TA0002", "mitre_technique": "T1560", "raw_log": "SRC=105.151.82.11 DST=10.0.10.178 RULE=Sigma: Mimikatz Execution ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0180", "timestamp": "2024-11-15T20:54:55.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "ET SCAN Nmap Scan", "src_ip": "10.0.20.69", "src_port": 56876, "dst_ip": "10.0.1.210", "dst_port": 80, "protocol": "DNS", "action": "DROP", "hostname": "WS-028", "user": "anowak", "mitre_tactic": "TA0001", "mitre_technique": "T1059.001", "raw_log": "SRC=10.0.20.69 DST=10.0.1.210 RULE=Custom: Unusual Port 4444 ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0181", "timestamp": "2024-11-15T21:02:11.000Z", "level": "INFO", "severity": 1, "category": "email", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "10.0.20.226", "src_port": 27289, "dst_ip": "10.0.30.210", "dst_port": 139, "protocol": "SSH", "action": "DROP", "hostname": "WS-025", "user": "bwiśniewski", "mitre_tactic": "TA0007", "mitre_technique": "T1082", "raw_log": "SRC=10.0.20.226 DST=10.0.30.210 RULE=Custom: Powershell Download Cradle ACTION=DENY", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0182", "timestamp": "2024-11-15T21:07:55.000Z", "level": "INFO", "severity": 1, "category": "endpoint", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "152.247.224.47", "src_port": 58692, "dst_ip": "10.0.30.158", "dst_port": 8080, "protocol": "ICMP", "action": "ALERT", "hostname": "SRV-03", "user": null, "mitre_tactic": "TA0007", "mitre_technique": "T1566.001", "raw_log": "SRC=152.247.224.47 DST=10.0.30.158 RULE=ET SCAN Nmap Scan ACTION=ALLOW", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0183", "timestamp": "2024-11-15T21:19:46.000Z", "level": "ERROR", "severity": 7, "category": "auth", "rule_name": "ET INFO DNS Lookup Known C2", "src_ip": "10.0.30.134", "src_port": 32607, "dst_ip": "10.0.1.112", "dst_port": 135, "protocol": "FTP", "action": "DENY", "hostname": "SRV-07", "user": "admin", "mitre_tactic": "TA0001", "mitre_technique": "T1059.001", "raw_log": "SRC=10.0.30.134 DST=10.0.1.112 RULE=Sigma: Scheduled Task Creation ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0184", "timestamp": "2024-11-15T21:22:35.000Z", "level": "WARNING", "severity": 3, "category": "endpoint", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "126.164.123.85", "src_port": 25838, "dst_ip": "10.0.0.131", "dst_port": 139, "protocol": "HTTP", "action": "ALLOW", "hostname": "SRV-01", "user": "admin", "mitre_tactic": "TA0008", "mitre_technique": "T1078", "raw_log": "SRC=126.164.123.85 DST=10.0.0.131 RULE=Custom: Unusual Port 4444 ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0185", "timestamp": "2024-11-15T21:33:29.000Z", "level": "WARNING", "severity": 3, "category": "firewall", "rule_name": "ET SCAN Port Scan", "src_ip": "106.18.0.212", "src_port": 24836, "dst_ip": "155.155.105.168", "dst_port": 8080, "protocol": "TCP", "action": "DENY", "hostname": "SRV-01", "user": "SYSTEM", "mitre_tactic": "TA0010", "mitre_technique": "T1003", "raw_log": "SRC=106.18.0.212 DST=155.155.105.168 RULE=ET MALWARE Meterpreter ACTION=DROP", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0186", "timestamp": "2024-11-15T21:40:47.000Z", "level": "ERROR", "severity": 7, "category": "auth", "rule_name": "Custom: High Entropy DNS", "src_ip": "91.149.191.180", "src_port": 27842, "dst_ip": "43.252.71.211", "dst_port": 23, "protocol": "HTTPS", "action": "BLOCK", "hostname": "WS-013", "user": null, "mitre_tactic": "TA0007", "mitre_technique": "T1055", "raw_log": "SRC=91.149.191.180 DST=43.252.71.211 RULE=ET MALWARE Meterpreter ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0187", "timestamp": "2024-11-15T21:45:00.000Z", "level": "WARNING", "severity": 3, "category": "ids", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.100.119", "src_port": 49272, "dst_ip": "10.0.2.248", "dst_port": 22, "protocol": "SMB", "action": "ALERT", "hostname": "SRV-09", "user": "mlewandowski", "mitre_tactic": "TA0003", "mitre_technique": "T1016", "raw_log": "SRC=10.0.100.119 DST=10.0.2.248 RULE=Sigma: PsExec Lateral Movement ACTION=DENY", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0188", "timestamp": "2024-11-15T21:52:21.000Z", "level": "INFO", "severity": 1, "category": "proxy", "rule_name": "ET TROJAN Emotet Variant", "src_ip": "10.0.50.109", "src_port": 30701, "dst_ip": "10.0.10.72", "dst_port": 4444, "protocol": "ICMP", "action": "DENY", "hostname": "WS-027", "user": "svc_scan", "mitre_tactic": "TA0009", "mitre_technique": "T1543", "raw_log": "SRC=10.0.50.109 DST=10.0.10.72 RULE=Custom: Unusual Port 4444 ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0189", "timestamp": "2024-11-15T22:00:44.000Z", "level": "CRITICAL", "severity": 10, "category": "auth", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "160.148.176.236", "src_port": 22151, "dst_ip": "10.0.2.130", "dst_port": 3389, "protocol": "UDP", "action": "DROP", "hostname": "SRV-07", "user": "admin", "mitre_tactic": "TA0011", "mitre_technique": "T1016", "raw_log": "SRC=160.148.176.236 DST=10.0.2.130 RULE=ET EXPLOIT EternalBlue ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0190", "timestamp": "2024-11-15T22:05:09.000Z", "level": "ERROR", "severity": 7, "category": "ids", "rule_name": "Custom: Unusual Port 4444", "src_ip": "38.27.28.52", "src_port": 5089, "dst_ip": "202.82.146.175", "dst_port": 3389, "protocol": "HTTPS", "action": "DENY", "hostname": "PROXY-01", "user": "tmazur", "mitre_tactic": "TA0008", "mitre_technique": "T1078", "raw_log": "SRC=38.27.28.52 DST=202.82.146.175 RULE=Sigma: PsExec Lateral Movement ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0191", "timestamp": "2024-11-15T22:13:50.000Z", "level": "WARNING", "severity": 3, "category": "auth", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.20.179", "src_port": 21514, "dst_ip": "10.0.50.101", "dst_port": 445, "protocol": "TCP", "action": "ALLOW", "hostname": "MAIL-01", "user": null, "mitre_tactic": "TA0010", "mitre_technique": "T1048", "raw_log": "SRC=10.0.20.179 DST=10.0.50.101 RULE=Custom: Mass Auth Failure ACTION=ALERT", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0192", "timestamp": "2024-11-15T22:20:11.000Z", "level": "ERROR", "severity": 7, "category": "proxy", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.10.200", "src_port": 5904, "dst_ip": "10.0.10.77", "dst_port": 25, "protocol": "ICMP", "action": "BLOCK", "hostname": "WS-008", "user": "kzielinska", "mitre_tactic": "TA0005", "mitre_technique": "T1047", "raw_log": "SRC=10.0.10.200 DST=10.0.10.77 RULE=ET TROJAN Emotet Variant ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0193", "timestamp": "2024-11-15T22:30:36.000Z", "level": "INFO", "severity": 1, "category": "email", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.2.12", "src_port": 24491, "dst_ip": "83.26.154.126", "dst_port": 23, "protocol": "DNS", "action": "BLOCK", "hostname": "WS-015", "user": "mlewandowski", "mitre_tactic": "TA0002", "mitre_technique": "T1560", "raw_log": "SRC=10.0.2.12 DST=83.26.154.126 RULE=Sigma: Mimikatz Execution ACTION=DENY", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0194", "timestamp": "2024-11-15T22:37:39.000Z", "level": "INFO", "severity": 1, "category": "auth", "rule_name": "Sigma: Mimikatz Execution", "src_ip": "10.0.30.86", "src_port": 32144, "dst_ip": "10.0.10.245", "dst_port": 445, "protocol": "TCP", "action": "ALLOW", "hostname": "SRV-14", "user": "mwojcik", "mitre_tactic": "TA0011", "mitre_technique": "T1003", "raw_log": "SRC=10.0.30.86 DST=10.0.10.245 RULE=Custom: Powershell Download Cradle ACTION=BLOCK", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0195", "timestamp": "2024-11-15T22:42:52.000Z", "level": "ERROR", "severity": 7, "category": "vpn", "rule_name": "Custom: Mass Auth Failure", "src_ip": "10.0.1.100", "src_port": 25597, "dst_ip": "186.144.12.234", "dst_port": 445, "protocol": "SMB", "action": "ALERT", "hostname": "SRV-03", "user": null, "mitre_tactic": "TA0011", "mitre_technique": "T1055", "raw_log": "SRC=10.0.1.100 DST=186.144.12.234 RULE=ET SCAN Port Scan ACTION=BLOCK", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0196", "timestamp": "2024-11-15T22:50:27.000Z", "level": "CRITICAL", "severity": 10, "category": "firewall", "rule_name": "Custom: Unusual Port 4444", "src_ip": "10.0.10.173", "src_port": 7834, "dst_ip": "10.0.10.223", "dst_port": 53, "protocol": "SMB", "action": "ALERT", "hostname": "SRV-13", "user": "anowak", "mitre_tactic": "TA0011", "mitre_technique": "T1110", "raw_log": "SRC=10.0.10.173 DST=10.0.10.223 RULE=ET SCAN Nmap Scan ACTION=ALERT", "false_positive": false, "acknowledged": true }, { "id": "ALERT-2024-0197", "timestamp": "2024-11-15T22:55:28.000Z", "level": "INFO", "severity": 1, "category": "endpoint", "rule_name": "Sigma: Scheduled Task Creation", "src_ip": "10.0.1.149", "src_port": 27529, "dst_ip": "10.0.20.106", "dst_port": 139, "protocol": "DNS", "action": "ALLOW", "hostname": "WS-025", "user": "mlewandowski", "mitre_tactic": "TA0001", "mitre_technique": "T1082", "raw_log": "SRC=10.0.1.149 DST=10.0.20.106 RULE=Custom: High Entropy DNS ACTION=BLOCK", "false_positive": true, "acknowledged": false }, { "id": "ALERT-2024-0198", "timestamp": "2024-11-15T23:05:59.000Z", "level": "INFO", "severity": 1, "category": "ids", "rule_name": "ET MALWARE Meterpreter", "src_ip": "129.54.148.202", "src_port": 26020, "dst_ip": "10.0.1.74", "dst_port": 139, "protocol": "TCP", "action": "ALERT", "hostname": "WS-011", "user": "pkaminski", "mitre_tactic": "TA0007", "mitre_technique": "T1560", "raw_log": "SRC=129.54.148.202 DST=10.0.1.74 RULE=Custom: Mass Auth Failure ACTION=BLOCK", "false_positive": false, "acknowledged": false }, { "id": "ALERT-2024-0199", "timestamp": "2024-11-15T23:06:00.000Z", "level": "INFO", "severity": 1, "category": "proxy", "rule_name": "Sigma: PsExec Lateral Movement", "src_ip": "10.0.0.143", "src_port": 40126, "dst_ip": "10.0.2.33", "dst_port": 139, "protocol": "SMB", "action": "BLOCK", "hostname": "WS-006", "user": "svc_scan", "mitre_tactic": "TA0006", "mitre_technique": "T1055", "raw_log": "SRC=10.0.0.143 DST=10.0.2.33 RULE=ET EXPLOIT EternalBlue ACTION=BLOCK", "false_positive": true, "acknowledged": true }, { "id": "ALERT-2024-0200", "timestamp": "2024-11-15T23:13:16.000Z", "level": "WARNING", "severity": 3, "category": "dns", "rule_name": "ET MALWARE CobaltStrike Beacon", "src_ip": "47.27.236.166", "src_port": 13961, "dst_ip": "10.0.20.173", "dst_port": 3389, "protocol": "RDP", "action": "ALERT", "hostname": "WS-022", "user": "svc_backup", "mitre_tactic": "TA0011", "mitre_technique": "T1055", "raw_log": "SRC=47.27.236.166 DST=10.0.20.173 RULE=ET MALWARE CobaltStrike Beacon ACTION=DROP", "false_positive": false, "acknowledged": false } ], "events": [ { "event_id": "EVT-00001", "timestamp": "2024-11-15T00:04:42.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "WS-022", "src_ip": "10.0.2.146", "success": true, "logon_type": 7, "process": "svchost.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-022", "failure_reason": null }, { "event_id": "EVT-00002", "timestamp": "2024-11-15T00:06:45.000Z", "type": "authentication", "subtype": "privilege_use", "user": "pkaminski", "hostname": "WS-016", "src_ip": "10.0.20.217", "success": false, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-016", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00003", "timestamp": "2024-11-15T00:13:35.000Z", "type": "authentication", "subtype": "logon", "user": "bwiśniewski", "hostname": "WS-020", "src_ip": "10.0.2.167", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "WS-020", "failure_reason": null }, { "event_id": "EVT-00004", "timestamp": "2024-11-15T00:15:46.000Z", "type": "authentication", "subtype": "logon", "user": "mlewandowski", "hostname": "FS-02", "src_ip": "10.0.0.219", "success": false, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "FS-02", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00005", "timestamp": "2024-11-15T00:24:16.000Z", "type": "authentication", "subtype": "account_lockout", "user": "SYSTEM", "hostname": "WS-003", "src_ip": "10.0.100.169", "success": true, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "WS-003", "failure_reason": null }, { "event_id": "EVT-00006", "timestamp": "2024-11-15T00:26:29.000Z", "type": "authentication", "subtype": "account_lockout", "user": "SYSTEM", "hostname": "WS-019", "src_ip": "10.0.1.103", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-019", "failure_reason": null }, { "event_id": "EVT-00007", "timestamp": "2024-11-15T00:31:48.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mwojcik", "hostname": "SRV-11", "src_ip": "10.0.2.116", "success": true, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "SRV-11", "failure_reason": null }, { "event_id": "EVT-00008", "timestamp": "2024-11-15T00:35:14.000Z", "type": "authentication", "subtype": "privilege_use", "user": "svc_scan", "hostname": "WS-023", "src_ip": "10.0.10.18", "success": true, "logon_type": 4, "process": "svchost.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "WS-023", "failure_reason": null }, { "event_id": "EVT-00009", "timestamp": "2024-11-15T00:43:30.000Z", "type": "authentication", "subtype": "privilege_use", "user": "svc_backup", "hostname": "WS-024", "src_ip": "10.0.0.12", "success": false, "logon_type": 10, "process": "svchost.exe", "windows_event_id": 4625, "domain": "LOCAL", "workstation": "WS-024", "failure_reason": "Account expired" }, { "event_id": "EVT-00010", "timestamp": "2024-11-15T00:49:36.000Z", "type": "authentication", "subtype": "logoff", "user": "NT AUTHORITY", "hostname": "SRV-09", "src_ip": "10.0.50.169", "success": true, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4625, "domain": "LOCAL", "workstation": "SRV-09", "failure_reason": null }, { "event_id": "EVT-00011", "timestamp": "2024-11-15T00:54:25.000Z", "type": "authentication", "subtype": "failed_logon", "user": "agórecka", "hostname": "WS-015", "src_ip": "10.0.30.126", "success": true, "logon_type": 5, "process": "cmd.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-015", "failure_reason": null }, { "event_id": "EVT-00012", "timestamp": "2024-11-15T00:55:32.000Z", "type": "authentication", "subtype": "failed_logon", "user": "pkaminski", "hostname": "WS-015", "src_ip": "10.0.10.40", "success": true, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-015", "failure_reason": null }, { "event_id": "EVT-00013", "timestamp": "2024-11-15T01:01:26.000Z", "type": "authentication", "subtype": "failed_logon", "user": "svc_scan", "hostname": "SRV-14", "src_ip": "10.0.1.125", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "SRV-14", "failure_reason": null }, { "event_id": "EVT-00014", "timestamp": "2024-11-15T01:05:15.000Z", "type": "authentication", "subtype": "logon", "user": "admin", "hostname": "WS-027", "src_ip": "10.0.2.148", "success": false, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "WS-027", "failure_reason": "Bad password" }, { "event_id": "EVT-00015", "timestamp": "2024-11-15T01:12:59.000Z", "type": "authentication", "subtype": "logoff", "user": "admin", "hostname": "WS-011", "src_ip": "10.0.50.155", "success": false, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-011", "failure_reason": "Account expired" }, { "event_id": "EVT-00016", "timestamp": "2024-11-15T01:18:55.000Z", "type": "authentication", "subtype": "privilege_use", "user": "anowak", "hostname": "SRV-10", "src_ip": "10.0.2.58", "success": false, "logon_type": 5, "process": "cmd.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "SRV-10", "failure_reason": "Account locked" }, { "event_id": "EVT-00017", "timestamp": "2024-11-15T01:21:46.000Z", "type": "authentication", "subtype": "failed_logon", "user": "admin", "hostname": "WS-017", "src_ip": "10.0.100.154", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-017", "failure_reason": null }, { "event_id": "EVT-00018", "timestamp": "2024-11-15T01:26:33.000Z", "type": "authentication", "subtype": "account_lockout", "user": "kzielinska", "hostname": "WS-002", "src_ip": "10.0.50.213", "success": false, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "WS-002", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00019", "timestamp": "2024-11-15T01:34:48.000Z", "type": "authentication", "subtype": "logon", "user": "admin", "hostname": "SRV-06", "src_ip": "10.0.1.125", "success": true, "logon_type": 10, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "SRV-06", "failure_reason": null }, { "event_id": "EVT-00020", "timestamp": "2024-11-15T01:37:55.000Z", "type": "authentication", "subtype": "logon", "user": "svc_backup", "hostname": "WS-027", "src_ip": "10.0.50.60", "success": true, "logon_type": 5, "process": "powershell.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-027", "failure_reason": null }, { "event_id": "EVT-00021", "timestamp": "2024-11-15T01:44:06.000Z", "type": "authentication", "subtype": "privilege_use", "user": "SYSTEM", "hostname": "PROXY-01", "src_ip": "10.0.2.67", "success": true, "logon_type": 5, "process": "winlogon.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00022", "timestamp": "2024-11-15T01:47:12.000Z", "type": "authentication", "subtype": "logon", "user": "admin", "hostname": "WS-027", "src_ip": "10.0.0.149", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "WS-027", "failure_reason": null }, { "event_id": "EVT-00023", "timestamp": "2024-11-15T01:53:23.000Z", "type": "authentication", "subtype": "logon", "user": "svc_backup", "hostname": "WS-021", "src_ip": "10.0.2.111", "success": false, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-021", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00024", "timestamp": "2024-11-15T01:58:48.000Z", "type": "authentication", "subtype": "logoff", "user": "admin", "hostname": "WS-018", "src_ip": "10.0.50.143", "success": true, "logon_type": 7, "process": "powershell.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-018", "failure_reason": null }, { "event_id": "EVT-00025", "timestamp": "2024-11-15T02:02:36.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mlewandowski", "hostname": "WS-017", "src_ip": "10.0.50.190", "success": true, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4625, "domain": "LOCAL", "workstation": "WS-017", "failure_reason": null }, { "event_id": "EVT-00026", "timestamp": "2024-11-15T02:06:06.000Z", "type": "authentication", "subtype": "logoff", "user": "mwojcik", "hostname": "DC-02", "src_ip": "10.0.50.203", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "DC-02", "failure_reason": null }, { "event_id": "EVT-00027", "timestamp": "2024-11-15T02:10:52.000Z", "type": "authentication", "subtype": "logoff", "user": "kzielinska", "hostname": "WS-001", "src_ip": "10.0.100.239", "success": true, "logon_type": 7, "process": "powershell.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00028", "timestamp": "2024-11-15T02:19:02.000Z", "type": "authentication", "subtype": "privilege_use", "user": "agórecka", "hostname": "WS-006", "src_ip": "10.0.50.159", "success": false, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4768, "domain": "LOCAL", "workstation": "WS-006", "failure_reason": "Bad password" }, { "event_id": "EVT-00029", "timestamp": "2024-11-15T02:23:28.000Z", "type": "authentication", "subtype": "logon", "user": "SYSTEM", "hostname": "SRV-12", "src_ip": "10.0.10.219", "success": true, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "SRV-12", "failure_reason": null }, { "event_id": "EVT-00030", "timestamp": "2024-11-15T02:29:44.000Z", "type": "authentication", "subtype": "logoff", "user": "jkowalski", "hostname": "SRV-04", "src_ip": "10.0.2.174", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "SRV-04", "failure_reason": null }, { "event_id": "EVT-00031", "timestamp": "2024-11-15T02:32:49.000Z", "type": "authentication", "subtype": "privilege_use", "user": "jkowalski", "hostname": "WS-006", "src_ip": "10.0.30.173", "success": true, "logon_type": 5, "process": "powershell.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "WS-006", "failure_reason": null }, { "event_id": "EVT-00032", "timestamp": "2024-11-15T02:35:35.000Z", "type": "authentication", "subtype": "failed_logon", "user": "jkowalski", "hostname": "WS-005", "src_ip": "10.0.30.90", "success": true, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-005", "failure_reason": null }, { "event_id": "EVT-00033", "timestamp": "2024-11-15T02:41:26.000Z", "type": "authentication", "subtype": "account_lockout", "user": "kzielinska", "hostname": "WS-017", "src_ip": "10.0.1.145", "success": true, "logon_type": 2, "process": "cmd.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-017", "failure_reason": null }, { "event_id": "EVT-00034", "timestamp": "2024-11-15T02:49:52.000Z", "type": "authentication", "subtype": "account_lockout", "user": "anowak", "hostname": "WS-017", "src_ip": "10.0.20.179", "success": true, "logon_type": 5, "process": "powershell.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-017", "failure_reason": null }, { "event_id": "EVT-00035", "timestamp": "2024-11-15T02:53:57.000Z", "type": "authentication", "subtype": "account_lockout", "user": "SYSTEM", "hostname": "SRV-01", "src_ip": "10.0.0.125", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "SRV-01", "failure_reason": null }, { "event_id": "EVT-00036", "timestamp": "2024-11-15T02:56:51.000Z", "type": "authentication", "subtype": "failed_logon", "user": "svc_backup", "hostname": "WS-015", "src_ip": "10.0.50.246", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-015", "failure_reason": null }, { "event_id": "EVT-00037", "timestamp": "2024-11-15T03:00:25.000Z", "type": "authentication", "subtype": "failed_logon", "user": "NT AUTHORITY", "hostname": "WS-019", "src_ip": "10.0.1.143", "success": true, "logon_type": 3, "process": "powershell.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-019", "failure_reason": null }, { "event_id": "EVT-00038", "timestamp": "2024-11-15T03:06:47.000Z", "type": "authentication", "subtype": "logoff", "user": "mwojcik", "hostname": "WS-018", "src_ip": "10.0.100.190", "success": true, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-018", "failure_reason": null }, { "event_id": "EVT-00039", "timestamp": "2024-11-15T03:14:22.000Z", "type": "authentication", "subtype": "logoff", "user": "mwojcik", "hostname": "WS-016", "src_ip": "10.0.1.32", "success": false, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-016", "failure_reason": "Bad password" }, { "event_id": "EVT-00040", "timestamp": "2024-11-15T03:18:23.000Z", "type": "authentication", "subtype": "account_lockout", "user": "SYSTEM", "hostname": "WS-003", "src_ip": "10.0.30.128", "success": true, "logon_type": 7, "process": "svchost.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-003", "failure_reason": null }, { "event_id": "EVT-00041", "timestamp": "2024-11-15T03:23:14.000Z", "type": "authentication", "subtype": "account_lockout", "user": "SYSTEM", "hostname": "WS-018", "src_ip": "10.0.2.15", "success": true, "logon_type": 7, "process": "powershell.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-018", "failure_reason": null }, { "event_id": "EVT-00042", "timestamp": "2024-11-15T03:26:29.000Z", "type": "authentication", "subtype": "logon", "user": "jkowalski", "hostname": "WS-026", "src_ip": "10.0.100.82", "success": true, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-026", "failure_reason": null }, { "event_id": "EVT-00043", "timestamp": "2024-11-15T03:32:23.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mwojcik", "hostname": "WS-007", "src_ip": "10.0.20.49", "success": true, "logon_type": 7, "process": "svchost.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-007", "failure_reason": null }, { "event_id": "EVT-00044", "timestamp": "2024-11-15T03:37:11.000Z", "type": "authentication", "subtype": "privilege_use", "user": "bwiśniewski", "hostname": "WS-022", "src_ip": "10.0.50.55", "success": true, "logon_type": 5, "process": "wscript.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-022", "failure_reason": null }, { "event_id": "EVT-00045", "timestamp": "2024-11-15T03:41:36.000Z", "type": "authentication", "subtype": "logoff", "user": "NT AUTHORITY", "hostname": "WS-029", "src_ip": "10.0.10.210", "success": true, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00046", "timestamp": "2024-11-15T03:46:09.000Z", "type": "authentication", "subtype": "logoff", "user": "mlewandowski", "hostname": "WS-025", "src_ip": "10.0.100.208", "success": true, "logon_type": 2, "process": "winlogon.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-025", "failure_reason": null }, { "event_id": "EVT-00047", "timestamp": "2024-11-15T03:54:34.000Z", "type": "authentication", "subtype": "failed_logon", "user": "pkaminski", "hostname": "SRV-12", "src_ip": "10.0.100.78", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "SRV-12", "failure_reason": null }, { "event_id": "EVT-00048", "timestamp": "2024-11-15T03:56:52.000Z", "type": "authentication", "subtype": "failed_logon", "user": "anowak", "hostname": "WS-004", "src_ip": "10.0.100.216", "success": true, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-004", "failure_reason": null }, { "event_id": "EVT-00049", "timestamp": "2024-11-15T04:04:35.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "WS-024", "src_ip": "10.0.30.7", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-024", "failure_reason": null }, { "event_id": "EVT-00050", "timestamp": "2024-11-15T04:09:11.000Z", "type": "authentication", "subtype": "failed_logon", "user": "admin", "hostname": "SRV-08", "src_ip": "10.0.30.85", "success": false, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "SRV-08", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00051", "timestamp": "2024-11-15T04:13:40.000Z", "type": "authentication", "subtype": "logoff", "user": "anowak", "hostname": "WS-019", "src_ip": "10.0.2.165", "success": true, "logon_type": 4, "process": "powershell.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "WS-019", "failure_reason": null }, { "event_id": "EVT-00052", "timestamp": "2024-11-15T04:17:20.000Z", "type": "authentication", "subtype": "failed_logon", "user": "anowak", "hostname": "WS-015", "src_ip": "10.0.20.156", "success": false, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-015", "failure_reason": "Account expired" }, { "event_id": "EVT-00053", "timestamp": "2024-11-15T04:23:10.000Z", "type": "authentication", "subtype": "logoff", "user": "svc_scan", "hostname": "WS-029", "src_ip": "10.0.0.34", "success": true, "logon_type": 10, "process": "winlogon.exe", "windows_event_id": 4768, "domain": "LOCAL", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00054", "timestamp": "2024-11-15T04:26:25.000Z", "type": "authentication", "subtype": "logon", "user": "svc_scan", "hostname": "WS-014", "src_ip": "10.0.1.18", "success": true, "logon_type": 5, "process": "cmd.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-014", "failure_reason": null }, { "event_id": "EVT-00055", "timestamp": "2024-11-15T04:30:06.000Z", "type": "authentication", "subtype": "failed_logon", "user": "SYSTEM", "hostname": "PROXY-01", "src_ip": "10.0.2.23", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00056", "timestamp": "2024-11-15T04:36:08.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mwojcik", "hostname": "WS-029", "src_ip": "10.0.2.9", "success": true, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00057", "timestamp": "2024-11-15T04:42:35.000Z", "type": "authentication", "subtype": "privilege_use", "user": "NT AUTHORITY", "hostname": "SRV-06", "src_ip": "10.0.2.250", "success": true, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "SRV-06", "failure_reason": null }, { "event_id": "EVT-00058", "timestamp": "2024-11-15T04:49:27.000Z", "type": "authentication", "subtype": "account_lockout", "user": "admin", "hostname": "MAIL-01", "src_ip": "10.0.20.234", "success": true, "logon_type": 4, "process": "powershell.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "MAIL-01", "failure_reason": null }, { "event_id": "EVT-00059", "timestamp": "2024-11-15T04:52:09.000Z", "type": "authentication", "subtype": "failed_logon", "user": "bwiśniewski", "hostname": "WS-027", "src_ip": "10.0.0.2", "success": true, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-027", "failure_reason": null }, { "event_id": "EVT-00060", "timestamp": "2024-11-15T04:58:48.000Z", "type": "authentication", "subtype": "privilege_use", "user": "bwiśniewski", "hostname": "DC-02", "src_ip": "10.0.20.4", "success": true, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "DC-02", "failure_reason": null }, { "event_id": "EVT-00061", "timestamp": "2024-11-15T05:04:27.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mlewandowski", "hostname": "WS-027", "src_ip": "10.0.10.43", "success": true, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-027", "failure_reason": null }, { "event_id": "EVT-00062", "timestamp": "2024-11-15T05:06:33.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mwojcik", "hostname": "WS-028", "src_ip": "10.0.20.74", "success": true, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-028", "failure_reason": null }, { "event_id": "EVT-00063", "timestamp": "2024-11-15T05:11:18.000Z", "type": "authentication", "subtype": "logon", "user": "mwojcik", "hostname": "WS-012", "src_ip": "10.0.100.160", "success": true, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-012", "failure_reason": null }, { "event_id": "EVT-00064", "timestamp": "2024-11-15T05:19:01.000Z", "type": "authentication", "subtype": "logoff", "user": "tmazur", "hostname": "WS-004", "src_ip": "10.0.1.74", "success": false, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-004", "failure_reason": "Bad password" }, { "event_id": "EVT-00065", "timestamp": "2024-11-15T05:23:13.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mwojcik", "hostname": "WS-001", "src_ip": "10.0.50.81", "success": false, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-001", "failure_reason": "Bad password" }, { "event_id": "EVT-00066", "timestamp": "2024-11-15T05:26:03.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "PROXY-01", "src_ip": "10.0.50.20", "success": false, "logon_type": 7, "process": "powershell.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "PROXY-01", "failure_reason": "Account expired" }, { "event_id": "EVT-00067", "timestamp": "2024-11-15T05:30:49.000Z", "type": "authentication", "subtype": "logoff", "user": "NT AUTHORITY", "hostname": "WS-001", "src_ip": "10.0.50.199", "success": true, "logon_type": 5, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00068", "timestamp": "2024-11-15T05:39:42.000Z", "type": "authentication", "subtype": "logoff", "user": "bwiśniewski", "hostname": "WS-007", "src_ip": "10.0.100.101", "success": true, "logon_type": 10, "process": "svchost.exe", "windows_event_id": 4769, "domain": "CORP", "workstation": "WS-007", "failure_reason": null }, { "event_id": "EVT-00069", "timestamp": "2024-11-15T05:44:33.000Z", "type": "authentication", "subtype": "logon", "user": "svc_backup", "hostname": "MAIL-01", "src_ip": "10.0.20.125", "success": true, "logon_type": 10, "process": "svchost.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "MAIL-01", "failure_reason": null }, { "event_id": "EVT-00070", "timestamp": "2024-11-15T05:45:15.000Z", "type": "authentication", "subtype": "privilege_use", "user": "jkowalski", "hostname": "WS-014", "src_ip": "10.0.30.5", "success": true, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-014", "failure_reason": null }, { "event_id": "EVT-00071", "timestamp": "2024-11-15T05:54:50.000Z", "type": "authentication", "subtype": "privilege_use", "user": "SYSTEM", "hostname": "WS-003", "src_ip": "10.0.2.97", "success": false, "logon_type": 2, "process": "winlogon.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-003", "failure_reason": "Bad password" }, { "event_id": "EVT-00072", "timestamp": "2024-11-15T05:55:03.000Z", "type": "authentication", "subtype": "failed_logon", "user": "svc_backup", "hostname": "PROXY-01", "src_ip": "10.0.2.181", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00073", "timestamp": "2024-11-15T06:02:51.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mwojcik", "hostname": "SRV-07", "src_ip": "10.0.10.7", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "SRV-07", "failure_reason": null }, { "event_id": "EVT-00074", "timestamp": "2024-11-15T06:08:45.000Z", "type": "authentication", "subtype": "privilege_use", "user": "pkaminski", "hostname": "WS-003", "src_ip": "10.0.20.140", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "WS-003", "failure_reason": null }, { "event_id": "EVT-00075", "timestamp": "2024-11-15T06:13:17.000Z", "type": "authentication", "subtype": "account_lockout", "user": "pkaminski", "hostname": "WS-021", "src_ip": "10.0.2.19", "success": true, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4776, "domain": "WORKGROUP", "workstation": "WS-021", "failure_reason": null }, { "event_id": "EVT-00076", "timestamp": "2024-11-15T06:18:00.000Z", "type": "authentication", "subtype": "account_lockout", "user": "NT AUTHORITY", "hostname": "WS-024", "src_ip": "10.0.50.189", "success": true, "logon_type": 3, "process": "lsass.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-024", "failure_reason": null }, { "event_id": "EVT-00077", "timestamp": "2024-11-15T06:24:52.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mwojcik", "hostname": "WS-005", "src_ip": "10.0.10.136", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "WS-005", "failure_reason": null }, { "event_id": "EVT-00078", "timestamp": "2024-11-15T06:27:07.000Z", "type": "authentication", "subtype": "logon", "user": "agórecka", "hostname": "SRV-13", "src_ip": "10.0.1.13", "success": true, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "SRV-13", "failure_reason": null }, { "event_id": "EVT-00079", "timestamp": "2024-11-15T06:30:36.000Z", "type": "authentication", "subtype": "privilege_use", "user": "anowak", "hostname": "WS-007", "src_ip": "10.0.100.136", "success": true, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "WS-007", "failure_reason": null }, { "event_id": "EVT-00080", "timestamp": "2024-11-15T06:35:00.000Z", "type": "authentication", "subtype": "logoff", "user": "tmazur", "hostname": "FS-01", "src_ip": "10.0.100.239", "success": false, "logon_type": 2, "process": "powershell.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "FS-01", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00081", "timestamp": "2024-11-15T06:40:52.000Z", "type": "authentication", "subtype": "account_lockout", "user": "NT AUTHORITY", "hostname": "FS-01", "src_ip": "10.0.20.137", "success": true, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "FS-01", "failure_reason": null }, { "event_id": "EVT-00082", "timestamp": "2024-11-15T06:45:06.000Z", "type": "authentication", "subtype": "logoff", "user": "anowak", "hostname": "SRV-05", "src_ip": "10.0.50.50", "success": true, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "SRV-05", "failure_reason": null }, { "event_id": "EVT-00083", "timestamp": "2024-11-15T06:54:26.000Z", "type": "authentication", "subtype": "logon", "user": "svc_backup", "hostname": "SRV-07", "src_ip": "10.0.30.174", "success": true, "logon_type": 5, "process": "wscript.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "SRV-07", "failure_reason": null }, { "event_id": "EVT-00084", "timestamp": "2024-11-15T06:58:32.000Z", "type": "authentication", "subtype": "failed_logon", "user": "pkaminski", "hostname": "SRV-07", "src_ip": "10.0.2.138", "success": true, "logon_type": 7, "process": "powershell.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "SRV-07", "failure_reason": null }, { "event_id": "EVT-00085", "timestamp": "2024-11-15T07:02:26.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mlewandowski", "hostname": "WS-021", "src_ip": "10.0.30.157", "success": true, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-021", "failure_reason": null }, { "event_id": "EVT-00086", "timestamp": "2024-11-15T07:07:23.000Z", "type": "authentication", "subtype": "privilege_use", "user": "SYSTEM", "hostname": "MAIL-01", "src_ip": "10.0.100.247", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "MAIL-01", "failure_reason": null }, { "event_id": "EVT-00087", "timestamp": "2024-11-15T07:12:00.000Z", "type": "authentication", "subtype": "failed_logon", "user": "admin", "hostname": "WS-009", "src_ip": "10.0.10.56", "success": false, "logon_type": 4, "process": "lsass.exe", "windows_event_id": 4768, "domain": "LOCAL", "workstation": "WS-009", "failure_reason": "Account locked" }, { "event_id": "EVT-00088", "timestamp": "2024-11-15T07:16:08.000Z", "type": "authentication", "subtype": "failed_logon", "user": "anowak", "hostname": "WS-023", "src_ip": "10.0.30.229", "success": false, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-023", "failure_reason": "Account expired" }, { "event_id": "EVT-00089", "timestamp": "2024-11-15T07:21:46.000Z", "type": "authentication", "subtype": "logon", "user": "anowak", "hostname": "SRV-08", "src_ip": "10.0.30.204", "success": true, "logon_type": 5, "process": "winlogon.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "SRV-08", "failure_reason": null }, { "event_id": "EVT-00090", "timestamp": "2024-11-15T07:29:41.000Z", "type": "authentication", "subtype": "failed_logon", "user": "svc_scan", "hostname": "WS-007", "src_ip": "10.0.0.189", "success": true, "logon_type": 7, "process": "powershell.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "WS-007", "failure_reason": null }, { "event_id": "EVT-00091", "timestamp": "2024-11-15T07:33:59.000Z", "type": "authentication", "subtype": "logon", "user": "SYSTEM", "hostname": "WS-028", "src_ip": "10.0.10.193", "success": true, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-028", "failure_reason": null }, { "event_id": "EVT-00092", "timestamp": "2024-11-15T07:37:33.000Z", "type": "authentication", "subtype": "logon", "user": "SYSTEM", "hostname": "WS-004", "src_ip": "10.0.30.140", "success": true, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-004", "failure_reason": null }, { "event_id": "EVT-00093", "timestamp": "2024-11-15T07:43:28.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_scan", "hostname": "WS-004", "src_ip": "10.0.1.58", "success": false, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "WS-004", "failure_reason": "Account locked" }, { "event_id": "EVT-00094", "timestamp": "2024-11-15T07:45:35.000Z", "type": "authentication", "subtype": "privilege_use", "user": "tmazur", "hostname": "SRV-08", "src_ip": "10.0.20.23", "success": false, "logon_type": 5, "process": "cmd.exe", "windows_event_id": 4771, "domain": "LOCAL", "workstation": "SRV-08", "failure_reason": "Account locked" }, { "event_id": "EVT-00095", "timestamp": "2024-11-15T07:51:31.000Z", "type": "authentication", "subtype": "privilege_use", "user": "SYSTEM", "hostname": "SRV-07", "src_ip": "10.0.10.145", "success": false, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "SRV-07", "failure_reason": "Bad password" }, { "event_id": "EVT-00096", "timestamp": "2024-11-15T07:59:05.000Z", "type": "authentication", "subtype": "logon", "user": "agórecka", "hostname": "WS-021", "src_ip": "10.0.50.110", "success": true, "logon_type": 4, "process": "svchost.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-021", "failure_reason": null }, { "event_id": "EVT-00097", "timestamp": "2024-11-15T08:02:10.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "WS-002", "src_ip": "10.0.100.161", "success": true, "logon_type": 3, "process": "powershell.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-002", "failure_reason": null }, { "event_id": "EVT-00098", "timestamp": "2024-11-15T08:05:07.000Z", "type": "authentication", "subtype": "logon", "user": "mwojcik", "hostname": "WS-010", "src_ip": "10.0.10.244", "success": true, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "WS-010", "failure_reason": null }, { "event_id": "EVT-00099", "timestamp": "2024-11-15T08:12:28.000Z", "type": "authentication", "subtype": "privilege_use", "user": "tmazur", "hostname": "WS-008", "src_ip": "10.0.0.86", "success": true, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "WS-008", "failure_reason": null }, { "event_id": "EVT-00100", "timestamp": "2024-11-15T08:19:30.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mlewandowski", "hostname": "WS-017", "src_ip": "10.0.2.179", "success": true, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "WS-017", "failure_reason": null }, { "event_id": "EVT-00101", "timestamp": "2024-11-15T08:20:16.000Z", "type": "authentication", "subtype": "logoff", "user": "admin", "hostname": "SRV-05", "src_ip": "10.0.0.74", "success": true, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "SRV-05", "failure_reason": null }, { "event_id": "EVT-00102", "timestamp": "2024-11-15T08:25:24.000Z", "type": "authentication", "subtype": "failed_logon", "user": "bwiśniewski", "hostname": "WS-001", "src_ip": "10.0.30.223", "success": true, "logon_type": 2, "process": "lsass.exe", "windows_event_id": 4768, "domain": "LOCAL", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00103", "timestamp": "2024-11-15T08:34:45.000Z", "type": "authentication", "subtype": "logon", "user": "kzielinska", "hostname": "WS-025", "src_ip": "10.0.30.126", "success": false, "logon_type": 7, "process": "cmd.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "WS-025", "failure_reason": "Account locked" }, { "event_id": "EVT-00104", "timestamp": "2024-11-15T08:35:02.000Z", "type": "authentication", "subtype": "logoff", "user": "mlewandowski", "hostname": "SRV-07", "src_ip": "10.0.20.87", "success": true, "logon_type": 5, "process": "powershell.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "SRV-07", "failure_reason": null }, { "event_id": "EVT-00105", "timestamp": "2024-11-15T08:42:15.000Z", "type": "authentication", "subtype": "account_lockout", "user": "tmazur", "hostname": "WS-023", "src_ip": "10.0.20.209", "success": true, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-023", "failure_reason": null }, { "event_id": "EVT-00106", "timestamp": "2024-11-15T08:47:14.000Z", "type": "authentication", "subtype": "logoff", "user": "NT AUTHORITY", "hostname": "SRV-07", "src_ip": "10.0.30.231", "success": true, "logon_type": 5, "process": "wscript.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "SRV-07", "failure_reason": null }, { "event_id": "EVT-00107", "timestamp": "2024-11-15T08:54:55.000Z", "type": "authentication", "subtype": "logoff", "user": "svc_scan", "hostname": "DC-01", "src_ip": "10.0.50.63", "success": true, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "DC-01", "failure_reason": null }, { "event_id": "EVT-00108", "timestamp": "2024-11-15T08:56:13.000Z", "type": "authentication", "subtype": "logoff", "user": "admin", "hostname": "SRV-06", "src_ip": "10.0.10.222", "success": true, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "SRV-06", "failure_reason": null }, { "event_id": "EVT-00109", "timestamp": "2024-11-15T09:01:20.000Z", "type": "authentication", "subtype": "logon", "user": "SYSTEM", "hostname": "SRV-08", "src_ip": "10.0.1.49", "success": false, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "SRV-08", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00110", "timestamp": "2024-11-15T09:07:09.000Z", "type": "authentication", "subtype": "logoff", "user": "kzielinska", "hostname": "MAIL-01", "src_ip": "10.0.1.35", "success": true, "logon_type": 3, "process": "lsass.exe", "windows_event_id": 4768, "domain": "LOCAL", "workstation": "MAIL-01", "failure_reason": null }, { "event_id": "EVT-00111", "timestamp": "2024-11-15T09:11:14.000Z", "type": "authentication", "subtype": "logon", "user": "admin", "hostname": "SRV-10", "src_ip": "10.0.30.22", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "SRV-10", "failure_reason": null }, { "event_id": "EVT-00112", "timestamp": "2024-11-15T09:17:11.000Z", "type": "authentication", "subtype": "privilege_use", "user": "NT AUTHORITY", "hostname": "FS-01", "src_ip": "10.0.100.123", "success": true, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "FS-01", "failure_reason": null }, { "event_id": "EVT-00113", "timestamp": "2024-11-15T09:22:26.000Z", "type": "authentication", "subtype": "logoff", "user": "jkowalski", "hostname": "WS-001", "src_ip": "10.0.10.195", "success": true, "logon_type": 3, "process": "lsass.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00114", "timestamp": "2024-11-15T09:27:55.000Z", "type": "authentication", "subtype": "privilege_use", "user": "NT AUTHORITY", "hostname": "DC-02", "src_ip": "10.0.10.111", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4771, "domain": "LOCAL", "workstation": "DC-02", "failure_reason": null }, { "event_id": "EVT-00115", "timestamp": "2024-11-15T09:34:38.000Z", "type": "authentication", "subtype": "account_lockout", "user": "tmazur", "hostname": "MAIL-01", "src_ip": "10.0.0.135", "success": true, "logon_type": 2, "process": "powershell.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "MAIL-01", "failure_reason": null }, { "event_id": "EVT-00116", "timestamp": "2024-11-15T09:35:35.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mwojcik", "hostname": "WS-026", "src_ip": "10.0.0.50", "success": true, "logon_type": 4, "process": "powershell.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-026", "failure_reason": null }, { "event_id": "EVT-00117", "timestamp": "2024-11-15T09:41:27.000Z", "type": "authentication", "subtype": "failed_logon", "user": "SYSTEM", "hostname": "SRV-01", "src_ip": "10.0.0.178", "success": true, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "SRV-01", "failure_reason": null }, { "event_id": "EVT-00118", "timestamp": "2024-11-15T09:45:11.000Z", "type": "authentication", "subtype": "account_lockout", "user": "bwiśniewski", "hostname": "SRV-04", "src_ip": "10.0.2.102", "success": false, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "SRV-04", "failure_reason": "Account locked" }, { "event_id": "EVT-00119", "timestamp": "2024-11-15T09:51:56.000Z", "type": "authentication", "subtype": "privilege_use", "user": "bwiśniewski", "hostname": "FS-01", "src_ip": "10.0.1.66", "success": true, "logon_type": 4, "process": "wscript.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "FS-01", "failure_reason": null }, { "event_id": "EVT-00120", "timestamp": "2024-11-15T09:58:40.000Z", "type": "authentication", "subtype": "failed_logon", "user": "svc_scan", "hostname": "WS-008", "src_ip": "10.0.1.136", "success": false, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-008", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00121", "timestamp": "2024-11-15T10:04:55.000Z", "type": "authentication", "subtype": "logoff", "user": "jkowalski", "hostname": "WS-022", "src_ip": "10.0.2.224", "success": true, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "WS-022", "failure_reason": null }, { "event_id": "EVT-00122", "timestamp": "2024-11-15T10:07:40.000Z", "type": "authentication", "subtype": "logoff", "user": "agórecka", "hostname": "WS-029", "src_ip": "10.0.1.232", "success": true, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00123", "timestamp": "2024-11-15T10:13:54.000Z", "type": "authentication", "subtype": "privilege_use", "user": "SYSTEM", "hostname": "SRV-01", "src_ip": "10.0.0.157", "success": true, "logon_type": 5, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "SRV-01", "failure_reason": null }, { "event_id": "EVT-00124", "timestamp": "2024-11-15T10:18:05.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_backup", "hostname": "WS-027", "src_ip": "10.0.0.64", "success": true, "logon_type": 7, "process": "svchost.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "WS-027", "failure_reason": null }, { "event_id": "EVT-00125", "timestamp": "2024-11-15T10:22:02.000Z", "type": "authentication", "subtype": "logoff", "user": "pkaminski", "hostname": "SRV-13", "src_ip": "10.0.0.172", "success": false, "logon_type": 7, "process": "cmd.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "SRV-13", "failure_reason": "Bad password" }, { "event_id": "EVT-00126", "timestamp": "2024-11-15T10:26:43.000Z", "type": "authentication", "subtype": "failed_logon", "user": "jkowalski", "hostname": "WS-012", "src_ip": "10.0.2.249", "success": false, "logon_type": 5, "process": "wscript.exe", "windows_event_id": 4769, "domain": "CORP", "workstation": "WS-012", "failure_reason": "Bad password" }, { "event_id": "EVT-00127", "timestamp": "2024-11-15T10:33:52.000Z", "type": "authentication", "subtype": "logon", "user": "SYSTEM", "hostname": "WS-024", "src_ip": "10.0.50.217", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-024", "failure_reason": null }, { "event_id": "EVT-00128", "timestamp": "2024-11-15T10:37:33.000Z", "type": "authentication", "subtype": "privilege_use", "user": "pkaminski", "hostname": "WS-018", "src_ip": "10.0.10.180", "success": false, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-018", "failure_reason": "Bad password" }, { "event_id": "EVT-00129", "timestamp": "2024-11-15T10:42:27.000Z", "type": "authentication", "subtype": "account_lockout", "user": "bwiśniewski", "hostname": "SRV-10", "src_ip": "10.0.30.68", "success": true, "logon_type": 7, "process": "cmd.exe", "windows_event_id": 4769, "domain": "CORP", "workstation": "SRV-10", "failure_reason": null }, { "event_id": "EVT-00130", "timestamp": "2024-11-15T10:48:31.000Z", "type": "authentication", "subtype": "logoff", "user": "admin", "hostname": "SRV-05", "src_ip": "10.0.10.183", "success": true, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "SRV-05", "failure_reason": null }, { "event_id": "EVT-00131", "timestamp": "2024-11-15T10:51:51.000Z", "type": "authentication", "subtype": "account_lockout", "user": "jkowalski", "hostname": "WS-008", "src_ip": "10.0.50.107", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-008", "failure_reason": null }, { "event_id": "EVT-00132", "timestamp": "2024-11-15T10:56:44.000Z", "type": "authentication", "subtype": "failed_logon", "user": "SYSTEM", "hostname": "WS-001", "src_ip": "10.0.20.204", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4768, "domain": "LOCAL", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00133", "timestamp": "2024-11-15T11:00:43.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mlewandowski", "hostname": "WS-001", "src_ip": "10.0.30.103", "success": true, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00134", "timestamp": "2024-11-15T11:08:58.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mwojcik", "hostname": "WS-022", "src_ip": "10.0.0.167", "success": true, "logon_type": 3, "process": "powershell.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "WS-022", "failure_reason": null }, { "event_id": "EVT-00135", "timestamp": "2024-11-15T11:12:29.000Z", "type": "authentication", "subtype": "privilege_use", "user": "bwiśniewski", "hostname": "SRV-06", "src_ip": "10.0.0.215", "success": true, "logon_type": 7, "process": "svchost.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "SRV-06", "failure_reason": null }, { "event_id": "EVT-00136", "timestamp": "2024-11-15T11:17:51.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mlewandowski", "hostname": "SRV-08", "src_ip": "10.0.1.250", "success": false, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "SRV-08", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00137", "timestamp": "2024-11-15T11:24:38.000Z", "type": "authentication", "subtype": "privilege_use", "user": "svc_backup", "hostname": "WS-011", "src_ip": "10.0.2.154", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-011", "failure_reason": null }, { "event_id": "EVT-00138", "timestamp": "2024-11-15T11:28:56.000Z", "type": "authentication", "subtype": "logoff", "user": "jkowalski", "hostname": "WS-006", "src_ip": "10.0.30.117", "success": true, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "WS-006", "failure_reason": null }, { "event_id": "EVT-00139", "timestamp": "2024-11-15T11:31:58.000Z", "type": "authentication", "subtype": "logon", "user": "anowak", "hostname": "WS-003", "src_ip": "10.0.100.131", "success": true, "logon_type": 2, "process": "powershell.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "WS-003", "failure_reason": null }, { "event_id": "EVT-00140", "timestamp": "2024-11-15T11:39:19.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "FS-02", "src_ip": "10.0.2.198", "success": true, "logon_type": 2, "process": "cmd.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "FS-02", "failure_reason": null }, { "event_id": "EVT-00141", "timestamp": "2024-11-15T11:44:07.000Z", "type": "authentication", "subtype": "logon", "user": "svc_scan", "hostname": "WS-025", "src_ip": "10.0.20.240", "success": false, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-025", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00142", "timestamp": "2024-11-15T11:47:01.000Z", "type": "authentication", "subtype": "account_lockout", "user": "jkowalski", "hostname": "SRV-14", "src_ip": "10.0.20.165", "success": false, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "SRV-14", "failure_reason": "Account expired" }, { "event_id": "EVT-00143", "timestamp": "2024-11-15T11:50:17.000Z", "type": "authentication", "subtype": "logoff", "user": "agórecka", "hostname": "WS-029", "src_ip": "10.0.2.72", "success": true, "logon_type": 2, "process": "lsass.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00144", "timestamp": "2024-11-15T11:57:09.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mlewandowski", "hostname": "WS-021", "src_ip": "10.0.10.45", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-021", "failure_reason": null }, { "event_id": "EVT-00145", "timestamp": "2024-11-15T12:03:57.000Z", "type": "authentication", "subtype": "logon", "user": "bwiśniewski", "hostname": "WS-002", "src_ip": "10.0.1.100", "success": false, "logon_type": 2, "process": "lsass.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-002", "failure_reason": "Account locked" }, { "event_id": "EVT-00146", "timestamp": "2024-11-15T12:08:39.000Z", "type": "authentication", "subtype": "failed_logon", "user": "svc_scan", "hostname": "SRV-09", "src_ip": "10.0.20.87", "success": true, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "SRV-09", "failure_reason": null }, { "event_id": "EVT-00147", "timestamp": "2024-11-15T12:13:06.000Z", "type": "authentication", "subtype": "privilege_use", "user": "admin", "hostname": "DC-02", "src_ip": "10.0.20.177", "success": false, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4776, "domain": "WORKGROUP", "workstation": "DC-02", "failure_reason": "Account locked" }, { "event_id": "EVT-00148", "timestamp": "2024-11-15T12:17:58.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mwojcik", "hostname": "SRV-11", "src_ip": "10.0.50.48", "success": false, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "SRV-11", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00149", "timestamp": "2024-11-15T12:20:22.000Z", "type": "authentication", "subtype": "privilege_use", "user": "bwiśniewski", "hostname": "SRV-02", "src_ip": "10.0.100.218", "success": false, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "SRV-02", "failure_reason": "Account locked" }, { "event_id": "EVT-00150", "timestamp": "2024-11-15T12:25:20.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mlewandowski", "hostname": "FS-01", "src_ip": "10.0.1.204", "success": false, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4776, "domain": "WORKGROUP", "workstation": "FS-01", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00151", "timestamp": "2024-11-15T12:31:30.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mwojcik", "hostname": "SRV-07", "src_ip": "10.0.1.89", "success": true, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "SRV-07", "failure_reason": null }, { "event_id": "EVT-00152", "timestamp": "2024-11-15T12:36:11.000Z", "type": "authentication", "subtype": "logon", "user": "admin", "hostname": "SRV-06", "src_ip": "10.0.100.31", "success": true, "logon_type": 7, "process": "cmd.exe", "windows_event_id": 4776, "domain": "WORKGROUP", "workstation": "SRV-06", "failure_reason": null }, { "event_id": "EVT-00153", "timestamp": "2024-11-15T12:41:19.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mlewandowski", "hostname": "WS-029", "src_ip": "10.0.1.155", "success": false, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-029", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00154", "timestamp": "2024-11-15T12:46:52.000Z", "type": "authentication", "subtype": "logoff", "user": "svc_backup", "hostname": "WS-006", "src_ip": "10.0.0.195", "success": true, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-006", "failure_reason": null }, { "event_id": "EVT-00155", "timestamp": "2024-11-15T12:54:28.000Z", "type": "authentication", "subtype": "logoff", "user": "mlewandowski", "hostname": "SRV-11", "src_ip": "10.0.10.176", "success": true, "logon_type": 4, "process": "svchost.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "SRV-11", "failure_reason": null }, { "event_id": "EVT-00156", "timestamp": "2024-11-15T12:55:37.000Z", "type": "authentication", "subtype": "logon", "user": "svc_scan", "hostname": "WS-023", "src_ip": "10.0.50.218", "success": true, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "WS-023", "failure_reason": null }, { "event_id": "EVT-00157", "timestamp": "2024-11-15T13:04:52.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mlewandowski", "hostname": "WS-001", "src_ip": "10.0.1.222", "success": true, "logon_type": 4, "process": "lsass.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00158", "timestamp": "2024-11-15T13:07:45.000Z", "type": "authentication", "subtype": "privilege_use", "user": "svc_scan", "hostname": "SRV-12", "src_ip": "10.0.50.99", "success": true, "logon_type": 5, "process": "cmd.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "SRV-12", "failure_reason": null }, { "event_id": "EVT-00159", "timestamp": "2024-11-15T13:14:24.000Z", "type": "authentication", "subtype": "failed_logon", "user": "pkaminski", "hostname": "WS-013", "src_ip": "10.0.50.41", "success": true, "logon_type": 4, "process": "wscript.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "WS-013", "failure_reason": null }, { "event_id": "EVT-00160", "timestamp": "2024-11-15T13:16:46.000Z", "type": "authentication", "subtype": "privilege_use", "user": "jkowalski", "hostname": "WS-002", "src_ip": "10.0.50.251", "success": false, "logon_type": 3, "process": "lsass.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "WS-002", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00161", "timestamp": "2024-11-15T13:24:59.000Z", "type": "authentication", "subtype": "privilege_use", "user": "NT AUTHORITY", "hostname": "DC-02", "src_ip": "10.0.2.118", "success": true, "logon_type": 7, "process": "powershell.exe", "windows_event_id": 4776, "domain": "WORKGROUP", "workstation": "DC-02", "failure_reason": null }, { "event_id": "EVT-00162", "timestamp": "2024-11-15T13:29:00.000Z", "type": "authentication", "subtype": "account_lockout", "user": "tmazur", "hostname": "WS-028", "src_ip": "10.0.100.218", "success": false, "logon_type": 10, "process": "winlogon.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-028", "failure_reason": "Account expired" }, { "event_id": "EVT-00163", "timestamp": "2024-11-15T13:33:45.000Z", "type": "authentication", "subtype": "failed_logon", "user": "jkowalski", "hostname": "SRV-08", "src_ip": "10.0.1.150", "success": true, "logon_type": 5, "process": "wscript.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "SRV-08", "failure_reason": null }, { "event_id": "EVT-00164", "timestamp": "2024-11-15T13:37:29.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_scan", "hostname": "PROXY-01", "src_ip": "10.0.1.135", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00165", "timestamp": "2024-11-15T13:40:43.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_backup", "hostname": "SRV-14", "src_ip": "10.0.20.158", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "SRV-14", "failure_reason": null }, { "event_id": "EVT-00166", "timestamp": "2024-11-15T13:49:46.000Z", "type": "authentication", "subtype": "failed_logon", "user": "bwiśniewski", "hostname": "SRV-02", "src_ip": "10.0.50.92", "success": true, "logon_type": 4, "process": "svchost.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "SRV-02", "failure_reason": null }, { "event_id": "EVT-00167", "timestamp": "2024-11-15T13:52:46.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_scan", "hostname": "MAIL-01", "src_ip": "10.0.20.17", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "MAIL-01", "failure_reason": null }, { "event_id": "EVT-00168", "timestamp": "2024-11-15T13:59:01.000Z", "type": "authentication", "subtype": "failed_logon", "user": "jkowalski", "hostname": "WS-019", "src_ip": "10.0.100.23", "success": true, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-019", "failure_reason": null }, { "event_id": "EVT-00169", "timestamp": "2024-11-15T14:02:54.000Z", "type": "authentication", "subtype": "failed_logon", "user": "agórecka", "hostname": "WS-018", "src_ip": "10.0.0.191", "success": false, "logon_type": 2, "process": "cmd.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "WS-018", "failure_reason": "Account locked" }, { "event_id": "EVT-00170", "timestamp": "2024-11-15T14:07:50.000Z", "type": "authentication", "subtype": "logoff", "user": "svc_backup", "hostname": "WS-012", "src_ip": "10.0.100.48", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4769, "domain": "CORP", "workstation": "WS-012", "failure_reason": null }, { "event_id": "EVT-00171", "timestamp": "2024-11-15T14:13:48.000Z", "type": "authentication", "subtype": "privilege_use", "user": "pkaminski", "hostname": "WS-010", "src_ip": "10.0.50.62", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "WS-010", "failure_reason": null }, { "event_id": "EVT-00172", "timestamp": "2024-11-15T14:15:41.000Z", "type": "authentication", "subtype": "failed_logon", "user": "admin", "hostname": "WS-023", "src_ip": "10.0.1.15", "success": true, "logon_type": 3, "process": "powershell.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-023", "failure_reason": null }, { "event_id": "EVT-00173", "timestamp": "2024-11-15T14:24:14.000Z", "type": "authentication", "subtype": "privilege_use", "user": "agórecka", "hostname": "PROXY-01", "src_ip": "10.0.50.123", "success": true, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00174", "timestamp": "2024-11-15T14:28:43.000Z", "type": "authentication", "subtype": "failed_logon", "user": "agórecka", "hostname": "WS-029", "src_ip": "10.0.0.26", "success": true, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00175", "timestamp": "2024-11-15T14:32:17.000Z", "type": "authentication", "subtype": "failed_logon", "user": "admin", "hostname": "WS-018", "src_ip": "10.0.1.67", "success": true, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-018", "failure_reason": null }, { "event_id": "EVT-00176", "timestamp": "2024-11-15T14:39:49.000Z", "type": "authentication", "subtype": "logoff", "user": "SYSTEM", "hostname": "WS-016", "src_ip": "10.0.30.175", "success": true, "logon_type": 10, "process": "winlogon.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-016", "failure_reason": null }, { "event_id": "EVT-00177", "timestamp": "2024-11-15T14:40:26.000Z", "type": "authentication", "subtype": "logon", "user": "jkowalski", "hostname": "WS-005", "src_ip": "10.0.1.177", "success": true, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "WS-005", "failure_reason": null }, { "event_id": "EVT-00178", "timestamp": "2024-11-15T14:45:39.000Z", "type": "authentication", "subtype": "logon", "user": "agórecka", "hostname": "WS-003", "src_ip": "10.0.0.242", "success": true, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "WS-003", "failure_reason": null }, { "event_id": "EVT-00179", "timestamp": "2024-11-15T14:50:54.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_backup", "hostname": "WS-008", "src_ip": "10.0.2.98", "success": false, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "WS-008", "failure_reason": "Account locked" }, { "event_id": "EVT-00180", "timestamp": "2024-11-15T14:55:40.000Z", "type": "authentication", "subtype": "privilege_use", "user": "agórecka", "hostname": "SRV-14", "src_ip": "10.0.20.198", "success": true, "logon_type": 5, "process": "wscript.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "SRV-14", "failure_reason": null }, { "event_id": "EVT-00181", "timestamp": "2024-11-15T15:00:24.000Z", "type": "authentication", "subtype": "privilege_use", "user": "pkaminski", "hostname": "WS-018", "src_ip": "10.0.30.17", "success": true, "logon_type": 4, "process": "svchost.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-018", "failure_reason": null }, { "event_id": "EVT-00182", "timestamp": "2024-11-15T15:09:25.000Z", "type": "authentication", "subtype": "logoff", "user": "anowak", "hostname": "WS-013", "src_ip": "10.0.100.29", "success": true, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "WS-013", "failure_reason": null }, { "event_id": "EVT-00183", "timestamp": "2024-11-15T15:12:06.000Z", "type": "authentication", "subtype": "logon", "user": "admin", "hostname": "WS-029", "src_ip": "10.0.1.20", "success": true, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00184", "timestamp": "2024-11-15T15:15:59.000Z", "type": "authentication", "subtype": "logon", "user": "jkowalski", "hostname": "WS-010", "src_ip": "10.0.50.70", "success": true, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-010", "failure_reason": null }, { "event_id": "EVT-00185", "timestamp": "2024-11-15T15:23:30.000Z", "type": "authentication", "subtype": "privilege_use", "user": "admin", "hostname": "FS-01", "src_ip": "10.0.50.218", "success": false, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "FS-01", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00186", "timestamp": "2024-11-15T15:25:36.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_scan", "hostname": "SRV-02", "src_ip": "10.0.30.87", "success": true, "logon_type": 10, "process": "svchost.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "SRV-02", "failure_reason": null }, { "event_id": "EVT-00187", "timestamp": "2024-11-15T15:30:23.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_backup", "hostname": "SRV-13", "src_ip": "10.0.30.22", "success": true, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "SRV-13", "failure_reason": null }, { "event_id": "EVT-00188", "timestamp": "2024-11-15T15:36:19.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mlewandowski", "hostname": "WS-025", "src_ip": "10.0.1.163", "success": false, "logon_type": 10, "process": "svchost.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-025", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00189", "timestamp": "2024-11-15T15:41:01.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_scan", "hostname": "WS-003", "src_ip": "10.0.10.127", "success": false, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-003", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00190", "timestamp": "2024-11-15T15:47:50.000Z", "type": "authentication", "subtype": "logon", "user": "jkowalski", "hostname": "WS-004", "src_ip": "10.0.50.32", "success": false, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-004", "failure_reason": "Account locked" }, { "event_id": "EVT-00191", "timestamp": "2024-11-15T15:50:47.000Z", "type": "authentication", "subtype": "logoff", "user": "svc_scan", "hostname": "WS-005", "src_ip": "10.0.100.169", "success": true, "logon_type": 2, "process": "powershell.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-005", "failure_reason": null }, { "event_id": "EVT-00192", "timestamp": "2024-11-15T15:56:40.000Z", "type": "authentication", "subtype": "logon", "user": "svc_scan", "hostname": "WS-001", "src_ip": "10.0.20.212", "success": true, "logon_type": 2, "process": "powershell.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00193", "timestamp": "2024-11-15T16:00:31.000Z", "type": "authentication", "subtype": "account_lockout", "user": "anowak", "hostname": "WS-007", "src_ip": "10.0.10.18", "success": true, "logon_type": 3, "process": "powershell.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-007", "failure_reason": null }, { "event_id": "EVT-00194", "timestamp": "2024-11-15T16:09:34.000Z", "type": "authentication", "subtype": "logoff", "user": "svc_backup", "hostname": "WS-008", "src_ip": "10.0.30.216", "success": true, "logon_type": 3, "process": "lsass.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-008", "failure_reason": null }, { "event_id": "EVT-00195", "timestamp": "2024-11-15T16:13:10.000Z", "type": "authentication", "subtype": "failed_logon", "user": "anowak", "hostname": "WS-010", "src_ip": "10.0.2.114", "success": false, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-010", "failure_reason": "Bad password" }, { "event_id": "EVT-00196", "timestamp": "2024-11-15T16:18:49.000Z", "type": "authentication", "subtype": "logoff", "user": "SYSTEM", "hostname": "SRV-11", "src_ip": "10.0.0.227", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "SRV-11", "failure_reason": null }, { "event_id": "EVT-00197", "timestamp": "2024-11-15T16:24:56.000Z", "type": "authentication", "subtype": "failed_logon", "user": "pkaminski", "hostname": "FS-01", "src_ip": "10.0.50.179", "success": true, "logon_type": 5, "process": "wscript.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "FS-01", "failure_reason": null }, { "event_id": "EVT-00198", "timestamp": "2024-11-15T16:28:26.000Z", "type": "authentication", "subtype": "logoff", "user": "pkaminski", "hostname": "SRV-05", "src_ip": "10.0.2.158", "success": true, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "SRV-05", "failure_reason": null }, { "event_id": "EVT-00199", "timestamp": "2024-11-15T16:32:22.000Z", "type": "authentication", "subtype": "privilege_use", "user": "bwiśniewski", "hostname": "WS-006", "src_ip": "10.0.0.144", "success": true, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4625, "domain": "LOCAL", "workstation": "WS-006", "failure_reason": null }, { "event_id": "EVT-00200", "timestamp": "2024-11-15T16:39:32.000Z", "type": "authentication", "subtype": "logoff", "user": "anowak", "hostname": "PROXY-01", "src_ip": "10.0.100.199", "success": true, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00201", "timestamp": "2024-11-15T16:43:31.000Z", "type": "authentication", "subtype": "logoff", "user": "jkowalski", "hostname": "WS-010", "src_ip": "10.0.2.173", "success": false, "logon_type": 2, "process": "lsass.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-010", "failure_reason": "Account locked" }, { "event_id": "EVT-00202", "timestamp": "2024-11-15T16:48:02.000Z", "type": "authentication", "subtype": "logon", "user": "kzielinska", "hostname": "SRV-11", "src_ip": "10.0.0.238", "success": true, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "SRV-11", "failure_reason": null }, { "event_id": "EVT-00203", "timestamp": "2024-11-15T16:51:46.000Z", "type": "authentication", "subtype": "privilege_use", "user": "bwiśniewski", "hostname": "WS-005", "src_ip": "10.0.30.109", "success": true, "logon_type": 3, "process": "wscript.exe", "windows_event_id": 4769, "domain": "CORP", "workstation": "WS-005", "failure_reason": null }, { "event_id": "EVT-00204", "timestamp": "2024-11-15T16:55:15.000Z", "type": "authentication", "subtype": "privilege_use", "user": "SYSTEM", "hostname": "WS-015", "src_ip": "10.0.10.98", "success": false, "logon_type": 3, "process": "lsass.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-015", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00205", "timestamp": "2024-11-15T17:01:59.000Z", "type": "authentication", "subtype": "account_lockout", "user": "jkowalski", "hostname": "WS-010", "src_ip": "10.0.100.47", "success": true, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-010", "failure_reason": null }, { "event_id": "EVT-00206", "timestamp": "2024-11-15T17:07:12.000Z", "type": "authentication", "subtype": "failed_logon", "user": "svc_scan", "hostname": "WS-023", "src_ip": "10.0.2.10", "success": false, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "WS-023", "failure_reason": "Account locked" }, { "event_id": "EVT-00207", "timestamp": "2024-11-15T17:13:10.000Z", "type": "authentication", "subtype": "failed_logon", "user": "anowak", "hostname": "SRV-01", "src_ip": "10.0.10.228", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "SRV-01", "failure_reason": null }, { "event_id": "EVT-00208", "timestamp": "2024-11-15T17:19:54.000Z", "type": "authentication", "subtype": "logoff", "user": "admin", "hostname": "SRV-08", "src_ip": "10.0.1.107", "success": true, "logon_type": 7, "process": "powershell.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "SRV-08", "failure_reason": null }, { "event_id": "EVT-00209", "timestamp": "2024-11-15T17:20:46.000Z", "type": "authentication", "subtype": "privilege_use", "user": "bwiśniewski", "hostname": "WS-018", "src_ip": "10.0.10.65", "success": true, "logon_type": 4, "process": "powershell.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "WS-018", "failure_reason": null }, { "event_id": "EVT-00210", "timestamp": "2024-11-15T17:28:02.000Z", "type": "authentication", "subtype": "logon", "user": "pkaminski", "hostname": "WS-001", "src_ip": "10.0.100.189", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4771, "domain": "LOCAL", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00211", "timestamp": "2024-11-15T17:30:28.000Z", "type": "authentication", "subtype": "privilege_use", "user": "kzielinska", "hostname": "DC-02", "src_ip": "10.0.10.23", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "DC-02", "failure_reason": null }, { "event_id": "EVT-00212", "timestamp": "2024-11-15T17:35:01.000Z", "type": "authentication", "subtype": "privilege_use", "user": "pkaminski", "hostname": "WS-016", "src_ip": "10.0.20.43", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "WS-016", "failure_reason": null }, { "event_id": "EVT-00213", "timestamp": "2024-11-15T17:43:11.000Z", "type": "authentication", "subtype": "failed_logon", "user": "bwiśniewski", "hostname": "FS-01", "src_ip": "10.0.100.182", "success": true, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "FS-01", "failure_reason": null }, { "event_id": "EVT-00214", "timestamp": "2024-11-15T17:47:27.000Z", "type": "authentication", "subtype": "failed_logon", "user": "svc_scan", "hostname": "WS-003", "src_ip": "10.0.10.203", "success": true, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "WS-003", "failure_reason": null }, { "event_id": "EVT-00215", "timestamp": "2024-11-15T17:52:56.000Z", "type": "authentication", "subtype": "logon", "user": "jkowalski", "hostname": "DC-01", "src_ip": "10.0.1.100", "success": true, "logon_type": 4, "process": "powershell.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "DC-01", "failure_reason": null }, { "event_id": "EVT-00216", "timestamp": "2024-11-15T17:55:35.000Z", "type": "authentication", "subtype": "logoff", "user": "tmazur", "hostname": "SRV-07", "src_ip": "10.0.2.253", "success": false, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4625, "domain": "LOCAL", "workstation": "SRV-07", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00217", "timestamp": "2024-11-15T18:01:48.000Z", "type": "authentication", "subtype": "logoff", "user": "svc_scan", "hostname": "SRV-09", "src_ip": "10.0.30.92", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "SRV-09", "failure_reason": null }, { "event_id": "EVT-00218", "timestamp": "2024-11-15T18:08:31.000Z", "type": "authentication", "subtype": "account_lockout", "user": "jkowalski", "hostname": "WS-023", "src_ip": "10.0.1.122", "success": false, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-023", "failure_reason": "Account expired" }, { "event_id": "EVT-00219", "timestamp": "2024-11-15T18:10:12.000Z", "type": "authentication", "subtype": "privilege_use", "user": "SYSTEM", "hostname": "DC-02", "src_ip": "10.0.1.22", "success": true, "logon_type": 5, "process": "winlogon.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "DC-02", "failure_reason": null }, { "event_id": "EVT-00220", "timestamp": "2024-11-15T18:16:31.000Z", "type": "authentication", "subtype": "logoff", "user": "anowak", "hostname": "WS-008", "src_ip": "10.0.10.135", "success": false, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "WS-008", "failure_reason": "Account locked" }, { "event_id": "EVT-00221", "timestamp": "2024-11-15T18:20:18.000Z", "type": "authentication", "subtype": "logoff", "user": "bwiśniewski", "hostname": "WS-029", "src_ip": "10.0.1.7", "success": true, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00222", "timestamp": "2024-11-15T18:27:31.000Z", "type": "authentication", "subtype": "account_lockout", "user": "admin", "hostname": "SRV-13", "src_ip": "10.0.100.119", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "SRV-13", "failure_reason": null }, { "event_id": "EVT-00223", "timestamp": "2024-11-15T18:33:23.000Z", "type": "authentication", "subtype": "failed_logon", "user": "pkaminski", "hostname": "WS-015", "src_ip": "10.0.0.39", "success": true, "logon_type": 4, "process": "svchost.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-015", "failure_reason": null }, { "event_id": "EVT-00224", "timestamp": "2024-11-15T18:39:18.000Z", "type": "authentication", "subtype": "logoff", "user": "admin", "hostname": "FS-01", "src_ip": "10.0.2.216", "success": true, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "FS-01", "failure_reason": null }, { "event_id": "EVT-00225", "timestamp": "2024-11-15T18:44:08.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mwojcik", "hostname": "WS-021", "src_ip": "10.0.20.96", "success": false, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-021", "failure_reason": "Account expired" }, { "event_id": "EVT-00226", "timestamp": "2024-11-15T18:49:10.000Z", "type": "authentication", "subtype": "account_lockout", "user": "tmazur", "hostname": "WS-029", "src_ip": "10.0.20.33", "success": false, "logon_type": 2, "process": "powershell.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-029", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00227", "timestamp": "2024-11-15T18:54:32.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "MAIL-01", "src_ip": "10.0.20.123", "success": false, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "MAIL-01", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00228", "timestamp": "2024-11-15T18:58:57.000Z", "type": "authentication", "subtype": "logon", "user": "tmazur", "hostname": "FS-02", "src_ip": "10.0.2.175", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "FS-02", "failure_reason": null }, { "event_id": "EVT-00229", "timestamp": "2024-11-15T19:03:22.000Z", "type": "authentication", "subtype": "logon", "user": "kzielinska", "hostname": "WS-015", "src_ip": "10.0.30.16", "success": true, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "WS-015", "failure_reason": null }, { "event_id": "EVT-00230", "timestamp": "2024-11-15T19:06:01.000Z", "type": "authentication", "subtype": "logon", "user": "mlewandowski", "hostname": "WS-018", "src_ip": "10.0.100.175", "success": false, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "WS-018", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00231", "timestamp": "2024-11-15T19:10:58.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "SRV-04", "src_ip": "10.0.50.39", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "SRV-04", "failure_reason": null }, { "event_id": "EVT-00232", "timestamp": "2024-11-15T19:17:19.000Z", "type": "authentication", "subtype": "privilege_use", "user": "tmazur", "hostname": "WS-023", "src_ip": "10.0.1.57", "success": false, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-023", "failure_reason": "Account expired" }, { "event_id": "EVT-00233", "timestamp": "2024-11-15T19:23:08.000Z", "type": "authentication", "subtype": "account_lockout", "user": "pkaminski", "hostname": "WS-028", "src_ip": "10.0.1.38", "success": true, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-028", "failure_reason": null }, { "event_id": "EVT-00234", "timestamp": "2024-11-15T19:28:05.000Z", "type": "authentication", "subtype": "logon", "user": "tmazur", "hostname": "SRV-09", "src_ip": "10.0.50.165", "success": false, "logon_type": 4, "process": "powershell.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "SRV-09", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00235", "timestamp": "2024-11-15T19:31:11.000Z", "type": "authentication", "subtype": "privilege_use", "user": "svc_scan", "hostname": "WS-009", "src_ip": "10.0.20.143", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4768, "domain": "LOCAL", "workstation": "WS-009", "failure_reason": null }, { "event_id": "EVT-00236", "timestamp": "2024-11-15T19:38:14.000Z", "type": "authentication", "subtype": "logon", "user": "agórecka", "hostname": "MAIL-01", "src_ip": "10.0.0.41", "success": true, "logon_type": 4, "process": "svchost.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "MAIL-01", "failure_reason": null }, { "event_id": "EVT-00237", "timestamp": "2024-11-15T19:43:11.000Z", "type": "authentication", "subtype": "privilege_use", "user": "svc_backup", "hostname": "WS-019", "src_ip": "10.0.10.9", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-019", "failure_reason": null }, { "event_id": "EVT-00238", "timestamp": "2024-11-15T19:48:36.000Z", "type": "authentication", "subtype": "privilege_use", "user": "admin", "hostname": "SRV-09", "src_ip": "10.0.20.162", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "SRV-09", "failure_reason": null }, { "event_id": "EVT-00239", "timestamp": "2024-11-15T19:52:10.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mlewandowski", "hostname": "WS-002", "src_ip": "10.0.0.39", "success": true, "logon_type": 4, "process": "powershell.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "WS-002", "failure_reason": null }, { "event_id": "EVT-00240", "timestamp": "2024-11-15T19:58:40.000Z", "type": "authentication", "subtype": "failed_logon", "user": "pkaminski", "hostname": "WS-024", "src_ip": "10.0.0.76", "success": false, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4625, "domain": "LOCAL", "workstation": "WS-024", "failure_reason": "Account locked" }, { "event_id": "EVT-00241", "timestamp": "2024-11-15T20:00:38.000Z", "type": "authentication", "subtype": "logoff", "user": "SYSTEM", "hostname": "PROXY-01", "src_ip": "10.0.30.225", "success": true, "logon_type": 4, "process": "wscript.exe", "windows_event_id": 4768, "domain": "WORKGROUP", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00242", "timestamp": "2024-11-15T20:05:34.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_backup", "hostname": "WS-024", "src_ip": "10.0.30.212", "success": true, "logon_type": 3, "process": "lsass.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "WS-024", "failure_reason": null }, { "event_id": "EVT-00243", "timestamp": "2024-11-15T20:13:21.000Z", "type": "authentication", "subtype": "logoff", "user": "agórecka", "hostname": "SRV-03", "src_ip": "10.0.1.57", "success": true, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "SRV-03", "failure_reason": null }, { "event_id": "EVT-00244", "timestamp": "2024-11-15T20:19:54.000Z", "type": "authentication", "subtype": "account_lockout", "user": "SYSTEM", "hostname": "SRV-11", "src_ip": "10.0.1.108", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "SRV-11", "failure_reason": null }, { "event_id": "EVT-00245", "timestamp": "2024-11-15T20:22:08.000Z", "type": "authentication", "subtype": "privilege_use", "user": "jkowalski", "hostname": "WS-020", "src_ip": "10.0.30.46", "success": true, "logon_type": 10, "process": "svchost.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-020", "failure_reason": null }, { "event_id": "EVT-00246", "timestamp": "2024-11-15T20:26:44.000Z", "type": "authentication", "subtype": "logoff", "user": "NT AUTHORITY", "hostname": "WS-009", "src_ip": "10.0.20.34", "success": false, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-009", "failure_reason": "Bad password" }, { "event_id": "EVT-00247", "timestamp": "2024-11-15T20:33:02.000Z", "type": "authentication", "subtype": "logoff", "user": "anowak", "hostname": "SRV-02", "src_ip": "10.0.1.10", "success": false, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "SRV-02", "failure_reason": "Bad password" }, { "event_id": "EVT-00248", "timestamp": "2024-11-15T20:35:48.000Z", "type": "authentication", "subtype": "logon", "user": "agórecka", "hostname": "WS-020", "src_ip": "10.0.1.237", "success": false, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "WS-020", "failure_reason": "Account expired" }, { "event_id": "EVT-00249", "timestamp": "2024-11-15T20:42:37.000Z", "type": "authentication", "subtype": "failed_logon", "user": "jkowalski", "hostname": "MAIL-01", "src_ip": "10.0.30.43", "success": false, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "MAIL-01", "failure_reason": "Bad password" }, { "event_id": "EVT-00250", "timestamp": "2024-11-15T20:45:33.000Z", "type": "authentication", "subtype": "logoff", "user": "anowak", "hostname": "PROXY-01", "src_ip": "10.0.10.248", "success": true, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00251", "timestamp": "2024-11-15T20:53:23.000Z", "type": "authentication", "subtype": "account_lockout", "user": "anowak", "hostname": "SRV-04", "src_ip": "10.0.2.114", "success": true, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "SRV-04", "failure_reason": null }, { "event_id": "EVT-00252", "timestamp": "2024-11-15T20:56:26.000Z", "type": "authentication", "subtype": "logon", "user": "kzielinska", "hostname": "SRV-04", "src_ip": "10.0.30.33", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4634, "domain": "WORKGROUP", "workstation": "SRV-04", "failure_reason": null }, { "event_id": "EVT-00253", "timestamp": "2024-11-15T21:04:46.000Z", "type": "authentication", "subtype": "logon", "user": "SYSTEM", "hostname": "WS-019", "src_ip": "10.0.1.85", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "WS-019", "failure_reason": null }, { "event_id": "EVT-00254", "timestamp": "2024-11-15T21:08:14.000Z", "type": "authentication", "subtype": "account_lockout", "user": "bwiśniewski", "hostname": "WS-020", "src_ip": "10.0.50.76", "success": true, "logon_type": 5, "process": "winlogon.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-020", "failure_reason": null }, { "event_id": "EVT-00255", "timestamp": "2024-11-15T21:13:43.000Z", "type": "authentication", "subtype": "logon", "user": "svc_backup", "hostname": "WS-001", "src_ip": "10.0.50.114", "success": true, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "WS-001", "failure_reason": null }, { "event_id": "EVT-00256", "timestamp": "2024-11-15T21:19:06.000Z", "type": "authentication", "subtype": "logoff", "user": "pkaminski", "hostname": "DC-02", "src_ip": "10.0.1.95", "success": true, "logon_type": 3, "process": "svchost.exe", "windows_event_id": 4648, "domain": "LOCAL", "workstation": "DC-02", "failure_reason": null }, { "event_id": "EVT-00257", "timestamp": "2024-11-15T21:21:53.000Z", "type": "authentication", "subtype": "privilege_use", "user": "NT AUTHORITY", "hostname": "WS-008", "src_ip": "10.0.100.73", "success": true, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4768, "domain": "LOCAL", "workstation": "WS-008", "failure_reason": null }, { "event_id": "EVT-00258", "timestamp": "2024-11-15T21:29:25.000Z", "type": "authentication", "subtype": "privilege_use", "user": "kzielinska", "hostname": "SRV-14", "src_ip": "10.0.20.39", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "SRV-14", "failure_reason": null }, { "event_id": "EVT-00259", "timestamp": "2024-11-15T21:31:01.000Z", "type": "authentication", "subtype": "logon", "user": "bwiśniewski", "hostname": "SRV-12", "src_ip": "10.0.0.214", "success": true, "logon_type": 2, "process": "powershell.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "SRV-12", "failure_reason": null }, { "event_id": "EVT-00260", "timestamp": "2024-11-15T21:36:19.000Z", "type": "authentication", "subtype": "account_lockout", "user": "kzielinska", "hostname": "WS-021", "src_ip": "10.0.1.196", "success": true, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4776, "domain": "WORKGROUP", "workstation": "WS-021", "failure_reason": null }, { "event_id": "EVT-00261", "timestamp": "2024-11-15T21:43:32.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mwojcik", "hostname": "SRV-03", "src_ip": "10.0.30.209", "success": true, "logon_type": 7, "process": "cmd.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "SRV-03", "failure_reason": null }, { "event_id": "EVT-00262", "timestamp": "2024-11-15T21:48:28.000Z", "type": "authentication", "subtype": "failed_logon", "user": "kzielinska", "hostname": "WS-008", "src_ip": "10.0.50.115", "success": true, "logon_type": 5, "process": "lsass.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-008", "failure_reason": null }, { "event_id": "EVT-00263", "timestamp": "2024-11-15T21:51:31.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mlewandowski", "hostname": "WS-020", "src_ip": "10.0.2.81", "success": true, "logon_type": 10, "process": "powershell.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-020", "failure_reason": null }, { "event_id": "EVT-00264", "timestamp": "2024-11-15T21:59:43.000Z", "type": "authentication", "subtype": "account_lockout", "user": "admin", "hostname": "SRV-14", "src_ip": "10.0.100.123", "success": true, "logon_type": 7, "process": "winlogon.exe", "windows_event_id": 4624, "domain": "WORKGROUP", "workstation": "SRV-14", "failure_reason": null }, { "event_id": "EVT-00265", "timestamp": "2024-11-15T22:04:43.000Z", "type": "authentication", "subtype": "failed_logon", "user": "agórecka", "hostname": "WS-025", "src_ip": "10.0.20.84", "success": true, "logon_type": 2, "process": "lsass.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "WS-025", "failure_reason": null }, { "event_id": "EVT-00266", "timestamp": "2024-11-15T22:09:01.000Z", "type": "authentication", "subtype": "failed_logon", "user": "NT AUTHORITY", "hostname": "MAIL-01", "src_ip": "10.0.50.26", "success": true, "logon_type": 5, "process": "svchost.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "MAIL-01", "failure_reason": null }, { "event_id": "EVT-00267", "timestamp": "2024-11-15T22:11:15.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "WS-016", "src_ip": "10.0.1.235", "success": false, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4768, "domain": "CORP", "workstation": "WS-016", "failure_reason": "Account expired" }, { "event_id": "EVT-00268", "timestamp": "2024-11-15T22:15:29.000Z", "type": "authentication", "subtype": "privilege_use", "user": "pkaminski", "hostname": "WS-021", "src_ip": "10.0.50.70", "success": false, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "WS-021", "failure_reason": "Bad password" }, { "event_id": "EVT-00269", "timestamp": "2024-11-15T22:22:36.000Z", "type": "authentication", "subtype": "logon", "user": "tmazur", "hostname": "WS-025", "src_ip": "10.0.100.27", "success": true, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-025", "failure_reason": null }, { "event_id": "EVT-00270", "timestamp": "2024-11-15T22:27:10.000Z", "type": "authentication", "subtype": "account_lockout", "user": "bwiśniewski", "hostname": "PROXY-01", "src_ip": "10.0.20.95", "success": true, "logon_type": 5, "process": "winlogon.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "PROXY-01", "failure_reason": null }, { "event_id": "EVT-00271", "timestamp": "2024-11-15T22:34:13.000Z", "type": "authentication", "subtype": "failed_logon", "user": "NT AUTHORITY", "hostname": "WS-005", "src_ip": "10.0.20.14", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4771, "domain": "CORP", "workstation": "WS-005", "failure_reason": null }, { "event_id": "EVT-00272", "timestamp": "2024-11-15T22:39:06.000Z", "type": "authentication", "subtype": "account_lockout", "user": "admin", "hostname": "WS-006", "src_ip": "10.0.30.71", "success": true, "logon_type": 2, "process": "cmd.exe", "windows_event_id": 4776, "domain": "WORKGROUP", "workstation": "WS-006", "failure_reason": null }, { "event_id": "EVT-00273", "timestamp": "2024-11-15T22:42:32.000Z", "type": "authentication", "subtype": "failed_logon", "user": "mwojcik", "hostname": "WS-005", "src_ip": "10.0.50.171", "success": true, "logon_type": 7, "process": "svchost.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-005", "failure_reason": null }, { "event_id": "EVT-00274", "timestamp": "2024-11-15T22:48:42.000Z", "type": "authentication", "subtype": "account_lockout", "user": "kzielinska", "hostname": "SRV-04", "src_ip": "10.0.2.227", "success": true, "logon_type": 2, "process": "wscript.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "SRV-04", "failure_reason": null }, { "event_id": "EVT-00275", "timestamp": "2024-11-15T22:53:17.000Z", "type": "authentication", "subtype": "account_lockout", "user": "bwiśniewski", "hostname": "MAIL-01", "src_ip": "10.0.50.241", "success": false, "logon_type": 7, "process": "wscript.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "MAIL-01", "failure_reason": "Account locked" }, { "event_id": "EVT-00276", "timestamp": "2024-11-15T22:56:47.000Z", "type": "authentication", "subtype": "failed_logon", "user": "tmazur", "hostname": "WS-016", "src_ip": "10.0.50.107", "success": true, "logon_type": 4, "process": "lsass.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-016", "failure_reason": null }, { "event_id": "EVT-00277", "timestamp": "2024-11-15T23:01:16.000Z", "type": "authentication", "subtype": "account_lockout", "user": "agórecka", "hostname": "SRV-13", "src_ip": "10.0.10.105", "success": true, "logon_type": 3, "process": "lsass.exe", "windows_event_id": 4634, "domain": "CORP", "workstation": "SRV-13", "failure_reason": null }, { "event_id": "EVT-00278", "timestamp": "2024-11-15T23:08:31.000Z", "type": "authentication", "subtype": "account_lockout", "user": "jkowalski", "hostname": "WS-020", "src_ip": "10.0.50.110", "success": false, "logon_type": 10, "process": "lsass.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "WS-020", "failure_reason": "Account expired" }, { "event_id": "EVT-00279", "timestamp": "2024-11-15T23:14:11.000Z", "type": "authentication", "subtype": "logon", "user": "pkaminski", "hostname": "WS-018", "src_ip": "10.0.100.202", "success": false, "logon_type": 2, "process": "lsass.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-018", "failure_reason": "Account expired" }, { "event_id": "EVT-00280", "timestamp": "2024-11-15T23:17:42.000Z", "type": "authentication", "subtype": "logon", "user": "NT AUTHORITY", "hostname": "WS-027", "src_ip": "10.0.50.243", "success": false, "logon_type": 10, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "WS-027", "failure_reason": "Bad password" }, { "event_id": "EVT-00281", "timestamp": "2024-11-15T23:24:16.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mlewandowski", "hostname": "SRV-09", "src_ip": "10.0.1.62", "success": true, "logon_type": 7, "process": "lsass.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "SRV-09", "failure_reason": null }, { "event_id": "EVT-00282", "timestamp": "2024-11-15T23:26:59.000Z", "type": "authentication", "subtype": "privilege_use", "user": "NT AUTHORITY", "hostname": "WS-025", "src_ip": "10.0.10.38", "success": true, "logon_type": 2, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-025", "failure_reason": null }, { "event_id": "EVT-00283", "timestamp": "2024-11-15T23:30:31.000Z", "type": "authentication", "subtype": "account_lockout", "user": "bwiśniewski", "hostname": "SRV-09", "src_ip": "10.0.30.181", "success": true, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "SRV-09", "failure_reason": null }, { "event_id": "EVT-00284", "timestamp": "2024-11-15T23:36:23.000Z", "type": "authentication", "subtype": "privilege_use", "user": "svc_backup", "hostname": "WS-018", "src_ip": "10.0.30.212", "success": false, "logon_type": 4, "process": "lsass.exe", "windows_event_id": 4624, "domain": "LOCAL", "workstation": "WS-018", "failure_reason": "Bad password" }, { "event_id": "EVT-00285", "timestamp": "2024-11-15T23:41:16.000Z", "type": "authentication", "subtype": "account_lockout", "user": "svc_scan", "hostname": "SRV-14", "src_ip": "10.0.50.81", "success": true, "logon_type": 10, "process": "wscript.exe", "windows_event_id": 4769, "domain": "LOCAL", "workstation": "SRV-14", "failure_reason": null }, { "event_id": "EVT-00286", "timestamp": "2024-11-15T23:48:24.000Z", "type": "authentication", "subtype": "logon", "user": "anowak", "hostname": "WS-016", "src_ip": "10.0.50.239", "success": true, "logon_type": 4, "process": "svchost.exe", "windows_event_id": 4625, "domain": "CORP", "workstation": "WS-016", "failure_reason": null }, { "event_id": "EVT-00287", "timestamp": "2024-11-15T23:53:40.000Z", "type": "authentication", "subtype": "failed_logon", "user": "agórecka", "hostname": "WS-011", "src_ip": "10.0.50.204", "success": false, "logon_type": 2, "process": "svchost.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-011", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00288", "timestamp": "2024-11-15T23:58:56.000Z", "type": "authentication", "subtype": "logon", "user": "svc_scan", "hostname": "WS-022", "src_ip": "10.0.2.180", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-022", "failure_reason": null }, { "event_id": "EVT-00289", "timestamp": "2024-11-16T00:02:29.000Z", "type": "authentication", "subtype": "logon", "user": "kzielinska", "hostname": "SRV-07", "src_ip": "10.0.0.166", "success": true, "logon_type": 10, "process": "winlogon.exe", "windows_event_id": 4776, "domain": "LOCAL", "workstation": "SRV-07", "failure_reason": null }, { "event_id": "EVT-00290", "timestamp": "2024-11-16T00:07:20.000Z", "type": "authentication", "subtype": "account_lockout", "user": "pkaminski", "hostname": "WS-013", "src_ip": "10.0.1.30", "success": false, "logon_type": 3, "process": "winlogon.exe", "windows_event_id": 4634, "domain": "LOCAL", "workstation": "WS-013", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00291", "timestamp": "2024-11-16T00:13:55.000Z", "type": "authentication", "subtype": "logoff", "user": "SYSTEM", "hostname": "WS-029", "src_ip": "10.0.20.46", "success": true, "logon_type": 10, "process": "cmd.exe", "windows_event_id": 4769, "domain": "WORKGROUP", "workstation": "WS-029", "failure_reason": null }, { "event_id": "EVT-00292", "timestamp": "2024-11-16T00:16:25.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mwojcik", "hostname": "WS-024", "src_ip": "10.0.10.7", "success": false, "logon_type": 2, "process": "cmd.exe", "windows_event_id": 4648, "domain": "CORP", "workstation": "WS-024", "failure_reason": "Logon outside hours" }, { "event_id": "EVT-00293", "timestamp": "2024-11-16T00:20:25.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mwojcik", "hostname": "WS-011", "src_ip": "10.0.50.155", "success": true, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4625, "domain": "WORKGROUP", "workstation": "WS-011", "failure_reason": null }, { "event_id": "EVT-00294", "timestamp": "2024-11-16T00:25:45.000Z", "type": "authentication", "subtype": "account_lockout", "user": "pkaminski", "hostname": "WS-008", "src_ip": "10.0.50.199", "success": true, "logon_type": 5, "process": "wscript.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-008", "failure_reason": null }, { "event_id": "EVT-00295", "timestamp": "2024-11-16T00:32:18.000Z", "type": "authentication", "subtype": "privilege_use", "user": "mwojcik", "hostname": "WS-013", "src_ip": "10.0.50.35", "success": true, "logon_type": 5, "process": "winlogon.exe", "windows_event_id": 4648, "domain": "WORKGROUP", "workstation": "WS-013", "failure_reason": null }, { "event_id": "EVT-00296", "timestamp": "2024-11-16T00:36:26.000Z", "type": "authentication", "subtype": "logoff", "user": "svc_scan", "hostname": "WS-027", "src_ip": "10.0.0.76", "success": true, "logon_type": 4, "process": "winlogon.exe", "windows_event_id": 4776, "domain": "CORP", "workstation": "WS-027", "failure_reason": null }, { "event_id": "EVT-00297", "timestamp": "2024-11-16T00:43:05.000Z", "type": "authentication", "subtype": "logon", "user": "tmazur", "hostname": "SRV-13", "src_ip": "10.0.100.36", "success": true, "logon_type": 4, "process": "wscript.exe", "windows_event_id": 4771, "domain": "LOCAL", "workstation": "SRV-13", "failure_reason": null }, { "event_id": "EVT-00298", "timestamp": "2024-11-16T00:48:47.000Z", "type": "authentication", "subtype": "account_lockout", "user": "mwojcik", "hostname": "FS-01", "src_ip": "10.0.20.20", "success": true, "logon_type": 2, "process": "cmd.exe", "windows_event_id": 4624, "domain": "CORP", "workstation": "FS-01", "failure_reason": null }, { "event_id": "EVT-00299", "timestamp": "2024-11-16T00:52:38.000Z", "type": "authentication", "subtype": "account_lockout", "user": "tmazur", "hostname": "SRV-02", "src_ip": "10.0.0.3", "success": true, "logon_type": 4, "process": "cmd.exe", "windows_event_id": 4771, "domain": "WORKGROUP", "workstation": "SRV-02", "failure_reason": null }, { "event_id": "EVT-00300", "timestamp": "2024-11-16T00:59:02.000Z", "type": "authentication", "subtype": "account_lockout", "user": "kzielinska", "hostname": "WS-009", "src_ip": "10.0.2.68", "success": true, "logon_type": 3, "process": "cmd.exe", "windows_event_id": 4776, "domain": "WORKGROUP", "workstation": "WS-009", "failure_reason": null } ], "network_flows": [ { "flow_id": "FLOW-00001", "timestamp": "2024-11-15T00:00:07.000Z", "src_ip": "10.0.2.24", "src_port": 21554, "dst_ip": "136.221.72.67", "dst_port": 80, "protocol": "TCP", "bytes_in": 4187746, "bytes_out": 1828108, "packets_in": 4604, "packets_out": 5908, "duration_ms": 225489, "direction": "outbound", "action": "blocked", "geo": { "country": "BR", "city": "Beijing" } }, { "flow_id": "FLOW-00002", "timestamp": "2024-11-15T00:06:54.000Z", "src_ip": "10.0.50.230", "src_port": 61504, "dst_ip": "189.251.77.143", "dst_port": 4444, "protocol": "TCP", "bytes_in": 1584839, "bytes_out": 311744, "packets_in": 895, "packets_out": 3767, "duration_ms": 96019, "direction": "inbound", "action": "blocked", "geo": { "country": "CN", "city": "New York" } }, { "flow_id": "FLOW-00003", "timestamp": "2024-11-15T00:12:28.000Z", "src_ip": "10.0.50.31", "src_port": 24388, "dst_ip": "10.0.100.12", "dst_port": 1337, "protocol": "UDP", "bytes_in": 3840030, "bytes_out": 1033935, "packets_in": 1844, "packets_out": 2426, "duration_ms": 64831, "direction": "outbound", "action": "allowed", "geo": { "country": "RU", "city": "Beijing" } }, { "flow_id": "FLOW-00004", "timestamp": "2024-11-15T00:18:49.000Z", "src_ip": "44.139.108.150", "src_port": 38431, "dst_ip": "10.0.0.136", "dst_port": 53, "protocol": "UDP", "bytes_in": 644606, "bytes_out": 516293, "packets_in": 8162, "packets_out": 1546, "duration_ms": 172312, "direction": "inbound", "action": "blocked", "geo": { "country": "DE", "city": "Amsterdam" } }, { "flow_id": "FLOW-00005", "timestamp": "2024-11-15T00:24:17.000Z", "src_ip": "28.165.78.8", "src_port": 39965, "dst_ip": "213.245.232.161", "dst_port": 80, "protocol": "UDP", "bytes_in": 367879, "bytes_out": 1376158, "packets_in": 7424, "packets_out": 5324, "duration_ms": 298403, "direction": "inbound", "action": "allowed", "geo": { "country": "PL", "city": "Beijing" } }, { "flow_id": "FLOW-00006", "timestamp": "2024-11-15T00:30:01.000Z", "src_ip": "15.36.195.24", "src_port": 56883, "dst_ip": "46.122.204.23", "dst_port": 22, "protocol": "TCP", "bytes_in": 3259062, "bytes_out": 1634778, "packets_in": 6593, "packets_out": 4669, "duration_ms": 80811, "direction": "inbound", "action": "blocked", "geo": { "country": "GB", "city": "Amsterdam" } }, { "flow_id": "FLOW-00007", "timestamp": "2024-11-15T00:36:42.000Z", "src_ip": "10.0.20.233", "src_port": 7322, "dst_ip": "10.0.2.93", "dst_port": 3389, "protocol": "ICMP", "bytes_in": 1676705, "bytes_out": 1026877, "packets_in": 7299, "packets_out": 6359, "duration_ms": 249792, "direction": "outbound", "action": "alerted", "geo": { "country": "BR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00008", "timestamp": "2024-11-15T00:42:32.000Z", "src_ip": "109.188.95.112", "src_port": 23420, "dst_ip": "10.0.1.12", "dst_port": 4444, "protocol": "ICMP", "bytes_in": 1881043, "bytes_out": 1358201, "packets_in": 2541, "packets_out": 8116, "duration_ms": 276446, "direction": "lateral", "action": "alerted", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00009", "timestamp": "2024-11-15T00:48:27.000Z", "src_ip": "112.40.244.77", "src_port": 20388, "dst_ip": "33.153.127.134", "dst_port": 9001, "protocol": "TCP", "bytes_in": 4622139, "bytes_out": 160564, "packets_in": 739, "packets_out": 8412, "duration_ms": 56431, "direction": "lateral", "action": "blocked", "geo": { "country": "NL", "city": "Berlin" } }, { "flow_id": "FLOW-00010", "timestamp": "2024-11-15T00:54:47.000Z", "src_ip": "185.129.181.66", "src_port": 44381, "dst_ip": "10.0.0.31", "dst_port": 4444, "protocol": "TCP", "bytes_in": 1528536, "bytes_out": 1767774, "packets_in": 6439, "packets_out": 742, "duration_ms": 43669, "direction": "outbound", "action": "alerted", "geo": { "country": "CN", "city": "Kyiv" } }, { "flow_id": "FLOW-00011", "timestamp": "2024-11-15T01:00:58.000Z", "src_ip": "10.0.100.195", "src_port": 58128, "dst_ip": "10.0.20.89", "dst_port": 53, "protocol": "TCP", "bytes_in": 1552689, "bytes_out": 164104, "packets_in": 9897, "packets_out": 4249, "duration_ms": 55748, "direction": "outbound", "action": "alerted", "geo": { "country": "PL", "city": "Warsaw" } }, { "flow_id": "FLOW-00012", "timestamp": "2024-11-15T01:06:39.000Z", "src_ip": "4.87.244.118", "src_port": 54313, "dst_ip": "10.0.100.79", "dst_port": 9001, "protocol": "UDP", "bytes_in": 3313540, "bytes_out": 1687517, "packets_in": 4959, "packets_out": 1436, "duration_ms": 65583, "direction": "inbound", "action": "allowed", "geo": { "country": "RU", "city": "Berlin" } }, { "flow_id": "FLOW-00013", "timestamp": "2024-11-15T01:12:53.000Z", "src_ip": "10.0.10.221", "src_port": 42053, "dst_ip": "124.74.123.112", "dst_port": 1337, "protocol": "TCP", "bytes_in": 722269, "bytes_out": 631134, "packets_in": 7593, "packets_out": 2428, "duration_ms": 248507, "direction": "outbound", "action": "allowed", "geo": { "country": "DE", "city": "New York" } }, { "flow_id": "FLOW-00014", "timestamp": "2024-11-15T01:18:18.000Z", "src_ip": "10.0.100.248", "src_port": 38342, "dst_ip": "6.230.124.52", "dst_port": 8080, "protocol": "TCP", "bytes_in": 2800601, "bytes_out": 16577, "packets_in": 1683, "packets_out": 7075, "duration_ms": 217940, "direction": "outbound", "action": "alerted", "geo": { "country": "BR", "city": "São Paulo" } }, { "flow_id": "FLOW-00015", "timestamp": "2024-11-15T01:24:03.000Z", "src_ip": "10.0.20.11", "src_port": 35647, "dst_ip": "125.249.118.183", "dst_port": 80, "protocol": "UDP", "bytes_in": 4835285, "bytes_out": 662449, "packets_in": 9065, "packets_out": 1041, "duration_ms": 140430, "direction": "lateral", "action": "blocked", "geo": { "country": "GB", "city": "Berlin" } }, { "flow_id": "FLOW-00016", "timestamp": "2024-11-15T01:30:22.000Z", "src_ip": "166.177.229.179", "src_port": 29736, "dst_ip": "42.147.98.121", "dst_port": 22, "protocol": "ICMP", "bytes_in": 1843060, "bytes_out": 1232473, "packets_in": 5557, "packets_out": 9865, "duration_ms": 245612, "direction": "inbound", "action": "blocked", "geo": { "country": "NL", "city": "Amsterdam" } }, { "flow_id": "FLOW-00017", "timestamp": "2024-11-15T01:36:44.000Z", "src_ip": "10.0.30.205", "src_port": 50127, "dst_ip": "217.82.106.73", "dst_port": 443, "protocol": "ICMP", "bytes_in": 4050836, "bytes_out": 270799, "packets_in": 2840, "packets_out": 3269, "duration_ms": 81954, "direction": "lateral", "action": "blocked", "geo": { "country": "DE", "city": "Amsterdam" } }, { "flow_id": "FLOW-00018", "timestamp": "2024-11-15T01:42:56.000Z", "src_ip": "10.0.100.79", "src_port": 18116, "dst_ip": "143.24.9.92", "dst_port": 3389, "protocol": "ICMP", "bytes_in": 1330543, "bytes_out": 366467, "packets_in": 8249, "packets_out": 524, "duration_ms": 33380, "direction": "outbound", "action": "blocked", "geo": { "country": "DE", "city": "São Paulo" } }, { "flow_id": "FLOW-00019", "timestamp": "2024-11-15T01:48:02.000Z", "src_ip": "144.114.249.67", "src_port": 51492, "dst_ip": "10.0.30.198", "dst_port": 1337, "protocol": "UDP", "bytes_in": 1268240, "bytes_out": 1789790, "packets_in": 8445, "packets_out": 9901, "duration_ms": 54601, "direction": "lateral", "action": "allowed", "geo": { "country": "GB", "city": "London" } }, { "flow_id": "FLOW-00020", "timestamp": "2024-11-15T01:54:06.000Z", "src_ip": "10.0.1.251", "src_port": 11971, "dst_ip": "157.52.21.130", "dst_port": 443, "protocol": "TCP", "bytes_in": 3033707, "bytes_out": 329385, "packets_in": 4787, "packets_out": 7234, "duration_ms": 265236, "direction": "outbound", "action": "alerted", "geo": { "country": "DE", "city": "New York" } }, { "flow_id": "FLOW-00021", "timestamp": "2024-11-15T02:00:26.000Z", "src_ip": "10.0.30.211", "src_port": 51435, "dst_ip": "218.103.224.249", "dst_port": 80, "protocol": "TCP", "bytes_in": 3973440, "bytes_out": 715864, "packets_in": 4699, "packets_out": 8275, "duration_ms": 89791, "direction": "inbound", "action": "blocked", "geo": { "country": "UA", "city": "Amsterdam" } }, { "flow_id": "FLOW-00022", "timestamp": "2024-11-15T02:06:14.000Z", "src_ip": "171.125.77.193", "src_port": 10067, "dst_ip": "10.0.50.203", "dst_port": 8080, "protocol": "UDP", "bytes_in": 3433599, "bytes_out": 1883443, "packets_in": 7517, "packets_out": 8457, "duration_ms": 189674, "direction": "inbound", "action": "blocked", "geo": { "country": "US", "city": "Warsaw" } }, { "flow_id": "FLOW-00023", "timestamp": "2024-11-15T02:12:25.000Z", "src_ip": "10.0.1.23", "src_port": 50778, "dst_ip": "103.84.222.16", "dst_port": 80, "protocol": "ICMP", "bytes_in": 1266341, "bytes_out": 1892767, "packets_in": 9414, "packets_out": 948, "duration_ms": 272514, "direction": "outbound", "action": "blocked", "geo": { "country": "NL", "city": "Paris" } }, { "flow_id": "FLOW-00024", "timestamp": "2024-11-15T02:18:25.000Z", "src_ip": "10.0.30.234", "src_port": 30265, "dst_ip": "212.143.75.180", "dst_port": 22, "protocol": "ICMP", "bytes_in": 3709035, "bytes_out": 1462766, "packets_in": 5657, "packets_out": 6628, "duration_ms": 103440, "direction": "outbound", "action": "allowed", "geo": { "country": "PL", "city": "Paris" } }, { "flow_id": "FLOW-00025", "timestamp": "2024-11-15T02:24:40.000Z", "src_ip": "186.64.145.55", "src_port": 11511, "dst_ip": "142.159.174.194", "dst_port": 80, "protocol": "TCP", "bytes_in": 4529347, "bytes_out": 1242634, "packets_in": 4239, "packets_out": 3955, "duration_ms": 159354, "direction": "lateral", "action": "blocked", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00026", "timestamp": "2024-11-15T02:30:03.000Z", "src_ip": "10.0.30.68", "src_port": 50605, "dst_ip": "10.0.30.33", "dst_port": 443, "protocol": "UDP", "bytes_in": 2499542, "bytes_out": 1200547, "packets_in": 86, "packets_out": 7425, "duration_ms": 177724, "direction": "inbound", "action": "alerted", "geo": { "country": "BR", "city": "São Paulo" } }, { "flow_id": "FLOW-00027", "timestamp": "2024-11-15T02:36:47.000Z", "src_ip": "10.0.10.91", "src_port": 17252, "dst_ip": "171.71.193.134", "dst_port": 443, "protocol": "UDP", "bytes_in": 4332375, "bytes_out": 1221380, "packets_in": 3155, "packets_out": 5920, "duration_ms": 238190, "direction": "inbound", "action": "allowed", "geo": { "country": "NL", "city": "Amsterdam" } }, { "flow_id": "FLOW-00028", "timestamp": "2024-11-15T02:42:35.000Z", "src_ip": "16.217.66.122", "src_port": 35033, "dst_ip": "20.189.206.151", "dst_port": 8080, "protocol": "UDP", "bytes_in": 4901559, "bytes_out": 1046180, "packets_in": 6938, "packets_out": 7211, "duration_ms": 256661, "direction": "lateral", "action": "blocked", "geo": { "country": "US", "city": "New York" } }, { "flow_id": "FLOW-00029", "timestamp": "2024-11-15T02:48:30.000Z", "src_ip": "10.0.100.184", "src_port": 3160, "dst_ip": "181.60.108.117", "dst_port": 53, "protocol": "ICMP", "bytes_in": 3098245, "bytes_out": 1933003, "packets_in": 1946, "packets_out": 9857, "duration_ms": 214235, "direction": "inbound", "action": "allowed", "geo": { "country": "UA", "city": "São Paulo" } }, { "flow_id": "FLOW-00030", "timestamp": "2024-11-15T02:54:01.000Z", "src_ip": "134.78.60.96", "src_port": 52876, "dst_ip": "96.155.150.125", "dst_port": 53, "protocol": "TCP", "bytes_in": 4946190, "bytes_out": 884552, "packets_in": 798, "packets_out": 5000, "duration_ms": 148627, "direction": "inbound", "action": "allowed", "geo": { "country": "GB", "city": "Warsaw" } }, { "flow_id": "FLOW-00031", "timestamp": "2024-11-15T03:00:24.000Z", "src_ip": "90.34.22.107", "src_port": 32168, "dst_ip": "80.231.172.201", "dst_port": 9001, "protocol": "TCP", "bytes_in": 1162073, "bytes_out": 1058630, "packets_in": 7552, "packets_out": 7372, "duration_ms": 235445, "direction": "inbound", "action": "alerted", "geo": { "country": "UA", "city": "Berlin" } }, { "flow_id": "FLOW-00032", "timestamp": "2024-11-15T03:06:42.000Z", "src_ip": "10.0.50.101", "src_port": 59353, "dst_ip": "102.173.23.246", "dst_port": 4444, "protocol": "ICMP", "bytes_in": 2326854, "bytes_out": 1354649, "packets_in": 1451, "packets_out": 2714, "duration_ms": 13005, "direction": "lateral", "action": "alerted", "geo": { "country": "CN", "city": "Paris" } }, { "flow_id": "FLOW-00033", "timestamp": "2024-11-15T03:12:36.000Z", "src_ip": "10.0.1.51", "src_port": 35217, "dst_ip": "10.0.0.247", "dst_port": 22, "protocol": "UDP", "bytes_in": 4216503, "bytes_out": 1880924, "packets_in": 306, "packets_out": 1971, "duration_ms": 278848, "direction": "inbound", "action": "allowed", "geo": { "country": "CN", "city": "Moscow" } }, { "flow_id": "FLOW-00034", "timestamp": "2024-11-15T03:18:37.000Z", "src_ip": "181.227.43.207", "src_port": 3972, "dst_ip": "10.0.30.104", "dst_port": 4444, "protocol": "TCP", "bytes_in": 2851826, "bytes_out": 916555, "packets_in": 2958, "packets_out": 6799, "duration_ms": 12613, "direction": "lateral", "action": "blocked", "geo": { "country": "NL", "city": "Beijing" } }, { "flow_id": "FLOW-00035", "timestamp": "2024-11-15T03:24:26.000Z", "src_ip": "26.86.146.37", "src_port": 45497, "dst_ip": "197.45.78.79", "dst_port": 53, "protocol": "TCP", "bytes_in": 2728800, "bytes_out": 380608, "packets_in": 446, "packets_out": 959, "duration_ms": 156251, "direction": "outbound", "action": "allowed", "geo": { "country": "UA", "city": "New York" } }, { "flow_id": "FLOW-00036", "timestamp": "2024-11-15T03:30:12.000Z", "src_ip": "83.132.192.242", "src_port": 16727, "dst_ip": "10.0.1.15", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 1983895, "bytes_out": 1033916, "packets_in": 8334, "packets_out": 8265, "duration_ms": 201877, "direction": "inbound", "action": "blocked", "geo": { "country": "PL", "city": "Kyiv" } }, { "flow_id": "FLOW-00037", "timestamp": "2024-11-15T03:36:37.000Z", "src_ip": "105.33.247.8", "src_port": 45267, "dst_ip": "60.9.137.142", "dst_port": 443, "protocol": "TCP", "bytes_in": 4653287, "bytes_out": 1366465, "packets_in": 2058, "packets_out": 4991, "duration_ms": 297925, "direction": "outbound", "action": "blocked", "geo": { "country": "DE", "city": "Paris" } }, { "flow_id": "FLOW-00038", "timestamp": "2024-11-15T03:42:52.000Z", "src_ip": "37.191.86.201", "src_port": 31475, "dst_ip": "109.231.21.1", "dst_port": 9001, "protocol": "UDP", "bytes_in": 1404163, "bytes_out": 1202, "packets_in": 986, "packets_out": 7901, "duration_ms": 143290, "direction": "lateral", "action": "blocked", "geo": { "country": "NL", "city": "Kyiv" } }, { "flow_id": "FLOW-00039", "timestamp": "2024-11-15T03:48:10.000Z", "src_ip": "10.0.10.151", "src_port": 49467, "dst_ip": "10.0.20.13", "dst_port": 1337, "protocol": "ICMP", "bytes_in": 586723, "bytes_out": 630548, "packets_in": 1470, "packets_out": 6477, "duration_ms": 64476, "direction": "inbound", "action": "alerted", "geo": { "country": "FR", "city": "Beijing" } }, { "flow_id": "FLOW-00040", "timestamp": "2024-11-15T03:54:43.000Z", "src_ip": "10.0.10.158", "src_port": 62982, "dst_ip": "10.0.30.228", "dst_port": 3389, "protocol": "ICMP", "bytes_in": 2192515, "bytes_out": 1578577, "packets_in": 7418, "packets_out": 4474, "duration_ms": 128938, "direction": "lateral", "action": "blocked", "geo": { "country": "UA", "city": "Moscow" } }, { "flow_id": "FLOW-00041", "timestamp": "2024-11-15T04:00:30.000Z", "src_ip": "154.168.8.234", "src_port": 1304, "dst_ip": "10.0.0.157", "dst_port": 80, "protocol": "ICMP", "bytes_in": 1455789, "bytes_out": 866529, "packets_in": 9107, "packets_out": 8012, "duration_ms": 205936, "direction": "lateral", "action": "allowed", "geo": { "country": "DE", "city": "Paris" } }, { "flow_id": "FLOW-00042", "timestamp": "2024-11-15T04:06:38.000Z", "src_ip": "214.227.63.91", "src_port": 24483, "dst_ip": "10.0.50.213", "dst_port": 8080, "protocol": "TCP", "bytes_in": 70791, "bytes_out": 261712, "packets_in": 7581, "packets_out": 6070, "duration_ms": 101183, "direction": "outbound", "action": "allowed", "geo": { "country": "RU", "city": "Warsaw" } }, { "flow_id": "FLOW-00043", "timestamp": "2024-11-15T04:12:31.000Z", "src_ip": "10.0.30.51", "src_port": 64416, "dst_ip": "158.155.113.60", "dst_port": 3389, "protocol": "TCP", "bytes_in": 2355219, "bytes_out": 1033619, "packets_in": 9930, "packets_out": 3426, "duration_ms": 3742, "direction": "inbound", "action": "alerted", "geo": { "country": "NL", "city": "Berlin" } }, { "flow_id": "FLOW-00044", "timestamp": "2024-11-15T04:18:37.000Z", "src_ip": "10.0.100.45", "src_port": 9428, "dst_ip": "10.0.2.18", "dst_port": 443, "protocol": "TCP", "bytes_in": 2177951, "bytes_out": 1957888, "packets_in": 9338, "packets_out": 3735, "duration_ms": 274245, "direction": "lateral", "action": "blocked", "geo": { "country": "RU", "city": "Warsaw" } }, { "flow_id": "FLOW-00045", "timestamp": "2024-11-15T04:24:27.000Z", "src_ip": "10.0.20.176", "src_port": 43030, "dst_ip": "10.0.100.2", "dst_port": 80, "protocol": "UDP", "bytes_in": 3628541, "bytes_out": 1770776, "packets_in": 6667, "packets_out": 4490, "duration_ms": 63816, "direction": "lateral", "action": "alerted", "geo": { "country": "GB", "city": "London" } }, { "flow_id": "FLOW-00046", "timestamp": "2024-11-15T04:30:25.000Z", "src_ip": "195.22.114.13", "src_port": 13777, "dst_ip": "108.229.161.2", "dst_port": 3389, "protocol": "TCP", "bytes_in": 4796834, "bytes_out": 1693876, "packets_in": 416, "packets_out": 3697, "duration_ms": 222204, "direction": "inbound", "action": "allowed", "geo": { "country": "RU", "city": "New York" } }, { "flow_id": "FLOW-00047", "timestamp": "2024-11-15T04:36:06.000Z", "src_ip": "17.49.14.123", "src_port": 32060, "dst_ip": "7.171.128.64", "dst_port": 22, "protocol": "UDP", "bytes_in": 456679, "bytes_out": 1723154, "packets_in": 5466, "packets_out": 8515, "duration_ms": 124122, "direction": "inbound", "action": "alerted", "geo": { "country": "BR", "city": "London" } }, { "flow_id": "FLOW-00048", "timestamp": "2024-11-15T04:42:56.000Z", "src_ip": "10.0.100.150", "src_port": 56578, "dst_ip": "16.17.193.81", "dst_port": 443, "protocol": "TCP", "bytes_in": 520176, "bytes_out": 1927589, "packets_in": 7241, "packets_out": 898, "duration_ms": 158058, "direction": "lateral", "action": "alerted", "geo": { "country": "NL", "city": "Berlin" } }, { "flow_id": "FLOW-00049", "timestamp": "2024-11-15T04:48:38.000Z", "src_ip": "15.26.150.218", "src_port": 52631, "dst_ip": "25.210.119.222", "dst_port": 9001, "protocol": "TCP", "bytes_in": 3803553, "bytes_out": 805202, "packets_in": 7606, "packets_out": 7015, "duration_ms": 53099, "direction": "outbound", "action": "alerted", "geo": { "country": "PL", "city": "London" } }, { "flow_id": "FLOW-00050", "timestamp": "2024-11-15T04:54:36.000Z", "src_ip": "10.0.10.29", "src_port": 9280, "dst_ip": "153.34.99.232", "dst_port": 1337, "protocol": "UDP", "bytes_in": 2981301, "bytes_out": 882979, "packets_in": 7888, "packets_out": 7285, "duration_ms": 97478, "direction": "inbound", "action": "allowed", "geo": { "country": "PL", "city": "Warsaw" } }, { "flow_id": "FLOW-00051", "timestamp": "2024-11-15T05:00:30.000Z", "src_ip": "150.223.183.80", "src_port": 21253, "dst_ip": "10.0.2.39", "dst_port": 9001, "protocol": "UDP", "bytes_in": 2441685, "bytes_out": 773556, "packets_in": 133, "packets_out": 8482, "duration_ms": 75813, "direction": "inbound", "action": "allowed", "geo": { "country": "FR", "city": "Paris" } }, { "flow_id": "FLOW-00052", "timestamp": "2024-11-15T05:06:12.000Z", "src_ip": "10.0.50.90", "src_port": 44792, "dst_ip": "52.103.35.88", "dst_port": 4444, "protocol": "ICMP", "bytes_in": 3920919, "bytes_out": 1257856, "packets_in": 5426, "packets_out": 9477, "duration_ms": 296798, "direction": "outbound", "action": "alerted", "geo": { "country": "CN", "city": "Amsterdam" } }, { "flow_id": "FLOW-00053", "timestamp": "2024-11-15T05:12:39.000Z", "src_ip": "27.232.21.127", "src_port": 14992, "dst_ip": "1.114.117.120", "dst_port": 22, "protocol": "UDP", "bytes_in": 2781014, "bytes_out": 1693034, "packets_in": 6159, "packets_out": 3364, "duration_ms": 209880, "direction": "inbound", "action": "allowed", "geo": { "country": "UA", "city": "Warsaw" } }, { "flow_id": "FLOW-00054", "timestamp": "2024-11-15T05:18:01.000Z", "src_ip": "8.58.72.75", "src_port": 14073, "dst_ip": "162.184.22.250", "dst_port": 22, "protocol": "UDP", "bytes_in": 1460911, "bytes_out": 459225, "packets_in": 4293, "packets_out": 2856, "duration_ms": 178163, "direction": "lateral", "action": "allowed", "geo": { "country": "US", "city": "Moscow" } }, { "flow_id": "FLOW-00055", "timestamp": "2024-11-15T05:24:41.000Z", "src_ip": "216.134.51.6", "src_port": 52627, "dst_ip": "10.0.2.99", "dst_port": 443, "protocol": "UDP", "bytes_in": 1763662, "bytes_out": 639847, "packets_in": 7475, "packets_out": 3935, "duration_ms": 193799, "direction": "outbound", "action": "alerted", "geo": { "country": "US", "city": "Paris" } }, { "flow_id": "FLOW-00056", "timestamp": "2024-11-15T05:30:56.000Z", "src_ip": "10.0.50.226", "src_port": 61589, "dst_ip": "10.0.1.38", "dst_port": 53, "protocol": "TCP", "bytes_in": 1608003, "bytes_out": 1116912, "packets_in": 6197, "packets_out": 6132, "duration_ms": 166699, "direction": "lateral", "action": "blocked", "geo": { "country": "RU", "city": "Warsaw" } }, { "flow_id": "FLOW-00057", "timestamp": "2024-11-15T05:36:15.000Z", "src_ip": "10.0.10.220", "src_port": 4514, "dst_ip": "10.0.2.85", "dst_port": 25, "protocol": "TCP", "bytes_in": 4263737, "bytes_out": 1224973, "packets_in": 8012, "packets_out": 3429, "duration_ms": 42682, "direction": "outbound", "action": "alerted", "geo": { "country": "BR", "city": "Berlin" } }, { "flow_id": "FLOW-00058", "timestamp": "2024-11-15T05:42:31.000Z", "src_ip": "100.191.255.133", "src_port": 32072, "dst_ip": "83.191.247.184", "dst_port": 25, "protocol": "ICMP", "bytes_in": 3363443, "bytes_out": 1338268, "packets_in": 9568, "packets_out": 600, "duration_ms": 108633, "direction": "inbound", "action": "allowed", "geo": { "country": "GB", "city": "Moscow" } }, { "flow_id": "FLOW-00059", "timestamp": "2024-11-15T05:48:05.000Z", "src_ip": "79.217.193.147", "src_port": 9827, "dst_ip": "216.191.130.141", "dst_port": 443, "protocol": "UDP", "bytes_in": 3728844, "bytes_out": 1088109, "packets_in": 5761, "packets_out": 3772, "duration_ms": 21571, "direction": "outbound", "action": "alerted", "geo": { "country": "BR", "city": "Kyiv" } }, { "flow_id": "FLOW-00060", "timestamp": "2024-11-15T05:54:24.000Z", "src_ip": "120.221.209.95", "src_port": 2643, "dst_ip": "10.0.30.71", "dst_port": 53, "protocol": "UDP", "bytes_in": 1961240, "bytes_out": 557119, "packets_in": 1244, "packets_out": 5884, "duration_ms": 43212, "direction": "outbound", "action": "alerted", "geo": { "country": "FR", "city": "Paris" } }, { "flow_id": "FLOW-00061", "timestamp": "2024-11-15T06:00:34.000Z", "src_ip": "10.0.20.239", "src_port": 14151, "dst_ip": "31.36.184.10", "dst_port": 3389, "protocol": "TCP", "bytes_in": 2761940, "bytes_out": 524401, "packets_in": 4960, "packets_out": 4497, "duration_ms": 99952, "direction": "lateral", "action": "alerted", "geo": { "country": "US", "city": "Paris" } }, { "flow_id": "FLOW-00062", "timestamp": "2024-11-15T06:06:25.000Z", "src_ip": "10.0.0.199", "src_port": 54885, "dst_ip": "211.177.206.243", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 99810, "bytes_out": 989928, "packets_in": 8400, "packets_out": 2446, "duration_ms": 208408, "direction": "inbound", "action": "allowed", "geo": { "country": "RU", "city": "London" } }, { "flow_id": "FLOW-00063", "timestamp": "2024-11-15T06:12:12.000Z", "src_ip": "151.239.236.88", "src_port": 29125, "dst_ip": "10.0.30.218", "dst_port": 8080, "protocol": "TCP", "bytes_in": 3679985, "bytes_out": 943723, "packets_in": 9150, "packets_out": 494, "duration_ms": 196451, "direction": "inbound", "action": "alerted", "geo": { "country": "US", "city": "Beijing" } }, { "flow_id": "FLOW-00064", "timestamp": "2024-11-15T06:18:14.000Z", "src_ip": "10.0.0.129", "src_port": 28493, "dst_ip": "10.0.30.88", "dst_port": 8080, "protocol": "ICMP", "bytes_in": 3383766, "bytes_out": 1599858, "packets_in": 8809, "packets_out": 4910, "duration_ms": 170960, "direction": "lateral", "action": "allowed", "geo": { "country": "BR", "city": "Warsaw" } }, { "flow_id": "FLOW-00065", "timestamp": "2024-11-15T06:24:40.000Z", "src_ip": "10.0.2.252", "src_port": 53396, "dst_ip": "10.0.30.147", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 4814107, "bytes_out": 1818178, "packets_in": 6405, "packets_out": 6248, "duration_ms": 107063, "direction": "outbound", "action": "allowed", "geo": { "country": "FR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00066", "timestamp": "2024-11-15T06:30:06.000Z", "src_ip": "28.168.231.164", "src_port": 45253, "dst_ip": "10.0.1.45", "dst_port": 1337, "protocol": "TCP", "bytes_in": 268995, "bytes_out": 1733307, "packets_in": 9886, "packets_out": 8006, "duration_ms": 14072, "direction": "inbound", "action": "allowed", "geo": { "country": "DE", "city": "Amsterdam" } }, { "flow_id": "FLOW-00067", "timestamp": "2024-11-15T06:36:55.000Z", "src_ip": "60.149.35.117", "src_port": 60649, "dst_ip": "133.5.87.84", "dst_port": 8080, "protocol": "UDP", "bytes_in": 1317372, "bytes_out": 232310, "packets_in": 2116, "packets_out": 8790, "duration_ms": 219370, "direction": "outbound", "action": "alerted", "geo": { "country": "DE", "city": "Amsterdam" } }, { "flow_id": "FLOW-00068", "timestamp": "2024-11-15T06:42:52.000Z", "src_ip": "10.0.10.35", "src_port": 47533, "dst_ip": "10.0.20.112", "dst_port": 4444, "protocol": "TCP", "bytes_in": 4824280, "bytes_out": 1969613, "packets_in": 5085, "packets_out": 9626, "duration_ms": 106417, "direction": "lateral", "action": "alerted", "geo": { "country": "GB", "city": "Beijing" } }, { "flow_id": "FLOW-00069", "timestamp": "2024-11-15T06:48:36.000Z", "src_ip": "37.228.32.212", "src_port": 58645, "dst_ip": "207.126.168.234", "dst_port": 4444, "protocol": "UDP", "bytes_in": 3881434, "bytes_out": 1208301, "packets_in": 641, "packets_out": 1493, "duration_ms": 150949, "direction": "lateral", "action": "blocked", "geo": { "country": "UA", "city": "Beijing" } }, { "flow_id": "FLOW-00070", "timestamp": "2024-11-15T06:54:58.000Z", "src_ip": "211.89.212.64", "src_port": 44217, "dst_ip": "159.221.234.99", "dst_port": 53, "protocol": "ICMP", "bytes_in": 4769954, "bytes_out": 200413, "packets_in": 6448, "packets_out": 716, "duration_ms": 125670, "direction": "inbound", "action": "blocked", "geo": { "country": "FR", "city": "Beijing" } }, { "flow_id": "FLOW-00071", "timestamp": "2024-11-15T07:00:31.000Z", "src_ip": "10.0.1.180", "src_port": 27977, "dst_ip": "10.0.10.234", "dst_port": 1337, "protocol": "TCP", "bytes_in": 3093212, "bytes_out": 160566, "packets_in": 1724, "packets_out": 8265, "duration_ms": 170925, "direction": "outbound", "action": "blocked", "geo": { "country": "US", "city": "Beijing" } }, { "flow_id": "FLOW-00072", "timestamp": "2024-11-15T07:06:21.000Z", "src_ip": "12.236.13.19", "src_port": 49911, "dst_ip": "10.0.100.99", "dst_port": 8080, "protocol": "TCP", "bytes_in": 3327609, "bytes_out": 79283, "packets_in": 176, "packets_out": 4106, "duration_ms": 60127, "direction": "lateral", "action": "allowed", "geo": { "country": "UA", "city": "London" } }, { "flow_id": "FLOW-00073", "timestamp": "2024-11-15T07:12:52.000Z", "src_ip": "18.42.124.183", "src_port": 19317, "dst_ip": "10.0.2.122", "dst_port": 53, "protocol": "TCP", "bytes_in": 151613, "bytes_out": 1273011, "packets_in": 1647, "packets_out": 2904, "duration_ms": 154217, "direction": "inbound", "action": "alerted", "geo": { "country": "NL", "city": "New York" } }, { "flow_id": "FLOW-00074", "timestamp": "2024-11-15T07:18:43.000Z", "src_ip": "196.5.139.40", "src_port": 35908, "dst_ip": "46.110.17.229", "dst_port": 22, "protocol": "UDP", "bytes_in": 400670, "bytes_out": 1754334, "packets_in": 8567, "packets_out": 1685, "duration_ms": 204797, "direction": "lateral", "action": "blocked", "geo": { "country": "GB", "city": "Warsaw" } }, { "flow_id": "FLOW-00075", "timestamp": "2024-11-15T07:24:15.000Z", "src_ip": "10.0.0.199", "src_port": 14130, "dst_ip": "52.127.191.233", "dst_port": 443, "protocol": "TCP", "bytes_in": 3537395, "bytes_out": 58667, "packets_in": 239, "packets_out": 5524, "duration_ms": 100743, "direction": "lateral", "action": "alerted", "geo": { "country": "DE", "city": "Moscow" } }, { "flow_id": "FLOW-00076", "timestamp": "2024-11-15T07:30:10.000Z", "src_ip": "10.0.1.206", "src_port": 3908, "dst_ip": "10.0.2.187", "dst_port": 8080, "protocol": "ICMP", "bytes_in": 903381, "bytes_out": 1710552, "packets_in": 5360, "packets_out": 5287, "duration_ms": 294679, "direction": "lateral", "action": "allowed", "geo": { "country": "BR", "city": "Moscow" } }, { "flow_id": "FLOW-00077", "timestamp": "2024-11-15T07:36:20.000Z", "src_ip": "10.0.50.242", "src_port": 12402, "dst_ip": "60.109.54.92", "dst_port": 80, "protocol": "UDP", "bytes_in": 2652879, "bytes_out": 25190, "packets_in": 6377, "packets_out": 3486, "duration_ms": 240531, "direction": "inbound", "action": "allowed", "geo": { "country": "CN", "city": "São Paulo" } }, { "flow_id": "FLOW-00078", "timestamp": "2024-11-15T07:42:06.000Z", "src_ip": "18.111.210.78", "src_port": 47720, "dst_ip": "10.0.100.253", "dst_port": 1337, "protocol": "ICMP", "bytes_in": 1438367, "bytes_out": 528420, "packets_in": 1553, "packets_out": 9829, "duration_ms": 170056, "direction": "lateral", "action": "alerted", "geo": { "country": "NL", "city": "New York" } }, { "flow_id": "FLOW-00079", "timestamp": "2024-11-15T07:48:40.000Z", "src_ip": "163.162.246.18", "src_port": 49639, "dst_ip": "156.229.195.131", "dst_port": 22, "protocol": "ICMP", "bytes_in": 4928107, "bytes_out": 1477778, "packets_in": 218, "packets_out": 3812, "duration_ms": 11122, "direction": "lateral", "action": "allowed", "geo": { "country": "CN", "city": "Moscow" } }, { "flow_id": "FLOW-00080", "timestamp": "2024-11-15T07:54:12.000Z", "src_ip": "10.0.10.160", "src_port": 10963, "dst_ip": "36.191.255.76", "dst_port": 8080, "protocol": "TCP", "bytes_in": 318048, "bytes_out": 499320, "packets_in": 9799, "packets_out": 7271, "duration_ms": 172329, "direction": "inbound", "action": "blocked", "geo": { "country": "UA", "city": "Warsaw" } }, { "flow_id": "FLOW-00081", "timestamp": "2024-11-15T08:00:54.000Z", "src_ip": "10.0.50.167", "src_port": 49053, "dst_ip": "10.0.0.60", "dst_port": 3389, "protocol": "UDP", "bytes_in": 2032195, "bytes_out": 431694, "packets_in": 8837, "packets_out": 886, "duration_ms": 130201, "direction": "lateral", "action": "alerted", "geo": { "country": "RU", "city": "São Paulo" } }, { "flow_id": "FLOW-00082", "timestamp": "2024-11-15T08:06:12.000Z", "src_ip": "10.0.30.48", "src_port": 4438, "dst_ip": "2.33.251.18", "dst_port": 53, "protocol": "TCP", "bytes_in": 1053346, "bytes_out": 192497, "packets_in": 2846, "packets_out": 9710, "duration_ms": 287754, "direction": "inbound", "action": "allowed", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00083", "timestamp": "2024-11-15T08:12:18.000Z", "src_ip": "120.159.84.185", "src_port": 38800, "dst_ip": "109.90.127.78", "dst_port": 4444, "protocol": "ICMP", "bytes_in": 1689538, "bytes_out": 570197, "packets_in": 7884, "packets_out": 1311, "duration_ms": 188525, "direction": "outbound", "action": "blocked", "geo": { "country": "US", "city": "London" } }, { "flow_id": "FLOW-00084", "timestamp": "2024-11-15T08:18:48.000Z", "src_ip": "130.221.79.210", "src_port": 26020, "dst_ip": "10.0.100.7", "dst_port": 8080, "protocol": "TCP", "bytes_in": 2518588, "bytes_out": 1248253, "packets_in": 8802, "packets_out": 2504, "duration_ms": 289854, "direction": "lateral", "action": "allowed", "geo": { "country": "CN", "city": "Amsterdam" } }, { "flow_id": "FLOW-00085", "timestamp": "2024-11-15T08:24:08.000Z", "src_ip": "117.145.192.144", "src_port": 47873, "dst_ip": "10.0.1.87", "dst_port": 4444, "protocol": "TCP", "bytes_in": 1297986, "bytes_out": 1921331, "packets_in": 3107, "packets_out": 69, "duration_ms": 6729, "direction": "lateral", "action": "alerted", "geo": { "country": "UA", "city": "London" } }, { "flow_id": "FLOW-00086", "timestamp": "2024-11-15T08:30:02.000Z", "src_ip": "107.202.191.99", "src_port": 61422, "dst_ip": "165.36.209.227", "dst_port": 443, "protocol": "UDP", "bytes_in": 4744732, "bytes_out": 340562, "packets_in": 3183, "packets_out": 7149, "duration_ms": 133829, "direction": "lateral", "action": "blocked", "geo": { "country": "FR", "city": "London" } }, { "flow_id": "FLOW-00087", "timestamp": "2024-11-15T08:36:30.000Z", "src_ip": "10.0.30.180", "src_port": 3285, "dst_ip": "99.217.126.63", "dst_port": 3389, "protocol": "ICMP", "bytes_in": 237093, "bytes_out": 1462767, "packets_in": 2423, "packets_out": 4282, "duration_ms": 238798, "direction": "lateral", "action": "allowed", "geo": { "country": "CN", "city": "Moscow" } }, { "flow_id": "FLOW-00088", "timestamp": "2024-11-15T08:42:37.000Z", "src_ip": "10.0.2.5", "src_port": 64865, "dst_ip": "24.196.203.181", "dst_port": 443, "protocol": "ICMP", "bytes_in": 1584028, "bytes_out": 1837182, "packets_in": 6930, "packets_out": 2717, "duration_ms": 223804, "direction": "outbound", "action": "alerted", "geo": { "country": "CN", "city": "Paris" } }, { "flow_id": "FLOW-00089", "timestamp": "2024-11-15T08:48:36.000Z", "src_ip": "10.0.50.152", "src_port": 51925, "dst_ip": "106.45.55.163", "dst_port": 3389, "protocol": "TCP", "bytes_in": 2256778, "bytes_out": 1570264, "packets_in": 3433, "packets_out": 6521, "duration_ms": 161534, "direction": "inbound", "action": "allowed", "geo": { "country": "GB", "city": "Warsaw" } }, { "flow_id": "FLOW-00090", "timestamp": "2024-11-15T08:54:11.000Z", "src_ip": "199.213.213.168", "src_port": 47164, "dst_ip": "111.87.90.96", "dst_port": 53, "protocol": "TCP", "bytes_in": 4080880, "bytes_out": 381712, "packets_in": 8235, "packets_out": 1807, "duration_ms": 236277, "direction": "lateral", "action": "allowed", "geo": { "country": "US", "city": "Moscow" } }, { "flow_id": "FLOW-00091", "timestamp": "2024-11-15T09:00:40.000Z", "src_ip": "47.98.132.252", "src_port": 60856, "dst_ip": "10.0.50.114", "dst_port": 9001, "protocol": "TCP", "bytes_in": 1393631, "bytes_out": 167437, "packets_in": 4803, "packets_out": 1405, "duration_ms": 198039, "direction": "inbound", "action": "blocked", "geo": { "country": "DE", "city": "Kyiv" } }, { "flow_id": "FLOW-00092", "timestamp": "2024-11-15T09:06:17.000Z", "src_ip": "61.244.248.173", "src_port": 50293, "dst_ip": "10.0.0.17", "dst_port": 80, "protocol": "ICMP", "bytes_in": 4885970, "bytes_out": 1655151, "packets_in": 686, "packets_out": 1587, "duration_ms": 110661, "direction": "lateral", "action": "allowed", "geo": { "country": "NL", "city": "São Paulo" } }, { "flow_id": "FLOW-00093", "timestamp": "2024-11-15T09:12:23.000Z", "src_ip": "10.0.20.240", "src_port": 45710, "dst_ip": "194.172.219.87", "dst_port": 3389, "protocol": "UDP", "bytes_in": 2009949, "bytes_out": 1973465, "packets_in": 5919, "packets_out": 6529, "duration_ms": 198410, "direction": "lateral", "action": "allowed", "geo": { "country": "UA", "city": "Kyiv" } }, { "flow_id": "FLOW-00094", "timestamp": "2024-11-15T09:18:53.000Z", "src_ip": "10.0.0.118", "src_port": 59218, "dst_ip": "10.0.50.187", "dst_port": 53, "protocol": "TCP", "bytes_in": 1030978, "bytes_out": 1822500, "packets_in": 8694, "packets_out": 4579, "duration_ms": 130306, "direction": "outbound", "action": "blocked", "geo": { "country": "BR", "city": "London" } }, { "flow_id": "FLOW-00095", "timestamp": "2024-11-15T09:24:40.000Z", "src_ip": "10.0.10.2", "src_port": 24630, "dst_ip": "10.0.30.6", "dst_port": 80, "protocol": "ICMP", "bytes_in": 2730767, "bytes_out": 1421785, "packets_in": 7280, "packets_out": 3827, "duration_ms": 254037, "direction": "outbound", "action": "alerted", "geo": { "country": "BR", "city": "Berlin" } }, { "flow_id": "FLOW-00096", "timestamp": "2024-11-15T09:30:33.000Z", "src_ip": "122.51.197.76", "src_port": 58448, "dst_ip": "10.0.2.224", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 4233262, "bytes_out": 66639, "packets_in": 2095, "packets_out": 8159, "duration_ms": 45661, "direction": "outbound", "action": "alerted", "geo": { "country": "FR", "city": "London" } }, { "flow_id": "FLOW-00097", "timestamp": "2024-11-15T09:36:10.000Z", "src_ip": "115.59.246.170", "src_port": 50389, "dst_ip": "10.0.10.56", "dst_port": 443, "protocol": "TCP", "bytes_in": 3648214, "bytes_out": 1501132, "packets_in": 479, "packets_out": 2626, "duration_ms": 171181, "direction": "outbound", "action": "blocked", "geo": { "country": "RU", "city": "Beijing" } }, { "flow_id": "FLOW-00098", "timestamp": "2024-11-15T09:42:44.000Z", "src_ip": "10.0.1.172", "src_port": 22834, "dst_ip": "137.251.46.204", "dst_port": 22, "protocol": "ICMP", "bytes_in": 542530, "bytes_out": 1350601, "packets_in": 5624, "packets_out": 6177, "duration_ms": 200095, "direction": "lateral", "action": "alerted", "geo": { "country": "FR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00099", "timestamp": "2024-11-15T09:48:47.000Z", "src_ip": "10.0.10.68", "src_port": 39834, "dst_ip": "23.57.45.88", "dst_port": 22, "protocol": "ICMP", "bytes_in": 974033, "bytes_out": 1201394, "packets_in": 6026, "packets_out": 2088, "duration_ms": 164298, "direction": "outbound", "action": "alerted", "geo": { "country": "PL", "city": "Beijing" } }, { "flow_id": "FLOW-00100", "timestamp": "2024-11-15T09:54:42.000Z", "src_ip": "138.97.198.251", "src_port": 40451, "dst_ip": "198.186.64.134", "dst_port": 9001, "protocol": "TCP", "bytes_in": 894171, "bytes_out": 829094, "packets_in": 151, "packets_out": 8820, "duration_ms": 241489, "direction": "outbound", "action": "allowed", "geo": { "country": "CN", "city": "Moscow" } }, { "flow_id": "FLOW-00101", "timestamp": "2024-11-15T10:00:20.000Z", "src_ip": "117.75.145.38", "src_port": 21267, "dst_ip": "10.0.0.155", "dst_port": 1337, "protocol": "ICMP", "bytes_in": 1035755, "bytes_out": 573535, "packets_in": 9404, "packets_out": 7837, "duration_ms": 113092, "direction": "outbound", "action": "blocked", "geo": { "country": "NL", "city": "Warsaw" } }, { "flow_id": "FLOW-00102", "timestamp": "2024-11-15T10:06:46.000Z", "src_ip": "10.0.30.41", "src_port": 62262, "dst_ip": "10.0.10.219", "dst_port": 22, "protocol": "ICMP", "bytes_in": 441022, "bytes_out": 1936066, "packets_in": 2934, "packets_out": 7988, "duration_ms": 205421, "direction": "outbound", "action": "alerted", "geo": { "country": "US", "city": "Warsaw" } }, { "flow_id": "FLOW-00103", "timestamp": "2024-11-15T10:12:25.000Z", "src_ip": "10.0.30.110", "src_port": 26652, "dst_ip": "10.0.30.195", "dst_port": 443, "protocol": "ICMP", "bytes_in": 2374374, "bytes_out": 592224, "packets_in": 3197, "packets_out": 8979, "duration_ms": 206451, "direction": "inbound", "action": "allowed", "geo": { "country": "UA", "city": "São Paulo" } }, { "flow_id": "FLOW-00104", "timestamp": "2024-11-15T10:18:41.000Z", "src_ip": "10.0.0.219", "src_port": 11751, "dst_ip": "10.0.20.119", "dst_port": 9001, "protocol": "TCP", "bytes_in": 3706853, "bytes_out": 1459588, "packets_in": 7905, "packets_out": 4770, "duration_ms": 75929, "direction": "inbound", "action": "allowed", "geo": { "country": "RU", "city": "Warsaw" } }, { "flow_id": "FLOW-00105", "timestamp": "2024-11-15T10:24:53.000Z", "src_ip": "220.52.75.97", "src_port": 12048, "dst_ip": "10.0.50.175", "dst_port": 80, "protocol": "TCP", "bytes_in": 2982917, "bytes_out": 993853, "packets_in": 2944, "packets_out": 860, "duration_ms": 61524, "direction": "lateral", "action": "alerted", "geo": { "country": "UA", "city": "São Paulo" } }, { "flow_id": "FLOW-00106", "timestamp": "2024-11-15T10:30:38.000Z", "src_ip": "39.206.125.9", "src_port": 63581, "dst_ip": "102.250.154.177", "dst_port": 53, "protocol": "ICMP", "bytes_in": 3148909, "bytes_out": 1627138, "packets_in": 1469, "packets_out": 7597, "duration_ms": 200331, "direction": "outbound", "action": "alerted", "geo": { "country": "GB", "city": "Kyiv" } }, { "flow_id": "FLOW-00107", "timestamp": "2024-11-15T10:36:37.000Z", "src_ip": "30.42.62.126", "src_port": 38574, "dst_ip": "10.0.10.7", "dst_port": 9001, "protocol": "UDP", "bytes_in": 2296234, "bytes_out": 1454912, "packets_in": 1550, "packets_out": 9714, "duration_ms": 94947, "direction": "outbound", "action": "blocked", "geo": { "country": "NL", "city": "Beijing" } }, { "flow_id": "FLOW-00108", "timestamp": "2024-11-15T10:42:44.000Z", "src_ip": "10.0.1.85", "src_port": 2318, "dst_ip": "221.94.207.209", "dst_port": 8080, "protocol": "ICMP", "bytes_in": 4499854, "bytes_out": 1643129, "packets_in": 8685, "packets_out": 8005, "duration_ms": 33519, "direction": "lateral", "action": "alerted", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00109", "timestamp": "2024-11-15T10:48:55.000Z", "src_ip": "10.0.10.249", "src_port": 40286, "dst_ip": "10.0.1.48", "dst_port": 53, "protocol": "TCP", "bytes_in": 4653407, "bytes_out": 937979, "packets_in": 5150, "packets_out": 2016, "duration_ms": 20523, "direction": "inbound", "action": "alerted", "geo": { "country": "RU", "city": "New York" } }, { "flow_id": "FLOW-00110", "timestamp": "2024-11-15T10:54:42.000Z", "src_ip": "66.17.43.251", "src_port": 1029, "dst_ip": "77.186.87.109", "dst_port": 22, "protocol": "UDP", "bytes_in": 387334, "bytes_out": 1984419, "packets_in": 8511, "packets_out": 4808, "duration_ms": 280024, "direction": "outbound", "action": "allowed", "geo": { "country": "BR", "city": "London" } }, { "flow_id": "FLOW-00111", "timestamp": "2024-11-15T11:00:06.000Z", "src_ip": "10.0.30.157", "src_port": 44449, "dst_ip": "10.0.10.178", "dst_port": 80, "protocol": "TCP", "bytes_in": 308210, "bytes_out": 394483, "packets_in": 2322, "packets_out": 4911, "duration_ms": 112834, "direction": "inbound", "action": "alerted", "geo": { "country": "FR", "city": "Moscow" } }, { "flow_id": "FLOW-00112", "timestamp": "2024-11-15T11:06:35.000Z", "src_ip": "10.0.20.34", "src_port": 17733, "dst_ip": "10.0.50.21", "dst_port": 25, "protocol": "UDP", "bytes_in": 1370086, "bytes_out": 839049, "packets_in": 7473, "packets_out": 1365, "duration_ms": 133264, "direction": "lateral", "action": "blocked", "geo": { "country": "US", "city": "Paris" } }, { "flow_id": "FLOW-00113", "timestamp": "2024-11-15T11:12:09.000Z", "src_ip": "162.137.98.183", "src_port": 21756, "dst_ip": "169.83.214.211", "dst_port": 8080, "protocol": "UDP", "bytes_in": 217411, "bytes_out": 1265920, "packets_in": 4056, "packets_out": 1271, "duration_ms": 141624, "direction": "inbound", "action": "alerted", "geo": { "country": "DE", "city": "Paris" } }, { "flow_id": "FLOW-00114", "timestamp": "2024-11-15T11:18:00.000Z", "src_ip": "85.45.185.233", "src_port": 7443, "dst_ip": "70.74.115.71", "dst_port": 8080, "protocol": "TCP", "bytes_in": 3176262, "bytes_out": 1996097, "packets_in": 1721, "packets_out": 2024, "duration_ms": 92134, "direction": "lateral", "action": "alerted", "geo": { "country": "CN", "city": "São Paulo" } }, { "flow_id": "FLOW-00115", "timestamp": "2024-11-15T11:24:17.000Z", "src_ip": "10.0.100.26", "src_port": 40834, "dst_ip": "10.0.20.143", "dst_port": 443, "protocol": "TCP", "bytes_in": 1432397, "bytes_out": 666950, "packets_in": 6383, "packets_out": 2961, "duration_ms": 180971, "direction": "lateral", "action": "alerted", "geo": { "country": "FR", "city": "Paris" } }, { "flow_id": "FLOW-00116", "timestamp": "2024-11-15T11:30:43.000Z", "src_ip": "10.0.50.124", "src_port": 34681, "dst_ip": "10.0.20.4", "dst_port": 53, "protocol": "ICMP", "bytes_in": 1060118, "bytes_out": 299264, "packets_in": 6207, "packets_out": 9299, "duration_ms": 140179, "direction": "inbound", "action": "alerted", "geo": { "country": "UA", "city": "Moscow" } }, { "flow_id": "FLOW-00117", "timestamp": "2024-11-15T11:36:18.000Z", "src_ip": "10.0.50.182", "src_port": 19100, "dst_ip": "113.181.239.129", "dst_port": 8080, "protocol": "ICMP", "bytes_in": 1919076, "bytes_out": 640088, "packets_in": 1425, "packets_out": 5008, "duration_ms": 213131, "direction": "outbound", "action": "allowed", "geo": { "country": "DE", "city": "Berlin" } }, { "flow_id": "FLOW-00118", "timestamp": "2024-11-15T11:42:18.000Z", "src_ip": "10.0.1.44", "src_port": 37341, "dst_ip": "10.0.1.192", "dst_port": 4444, "protocol": "TCP", "bytes_in": 3556696, "bytes_out": 1419905, "packets_in": 8335, "packets_out": 2236, "duration_ms": 251478, "direction": "outbound", "action": "alerted", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00119", "timestamp": "2024-11-15T11:48:42.000Z", "src_ip": "158.97.3.183", "src_port": 63340, "dst_ip": "137.176.125.190", "dst_port": 1337, "protocol": "ICMP", "bytes_in": 355371, "bytes_out": 1273818, "packets_in": 7351, "packets_out": 2762, "duration_ms": 274474, "direction": "inbound", "action": "allowed", "geo": { "country": "DE", "city": "Kyiv" } }, { "flow_id": "FLOW-00120", "timestamp": "2024-11-15T11:54:07.000Z", "src_ip": "10.0.30.245", "src_port": 23172, "dst_ip": "127.194.87.96", "dst_port": 22, "protocol": "ICMP", "bytes_in": 988790, "bytes_out": 608373, "packets_in": 4902, "packets_out": 7916, "duration_ms": 153903, "direction": "outbound", "action": "allowed", "geo": { "country": "PL", "city": "São Paulo" } }, { "flow_id": "FLOW-00121", "timestamp": "2024-11-15T12:00:22.000Z", "src_ip": "79.18.237.229", "src_port": 1410, "dst_ip": "10.0.100.16", "dst_port": 9001, "protocol": "UDP", "bytes_in": 2756156, "bytes_out": 625750, "packets_in": 5799, "packets_out": 1756, "duration_ms": 2703, "direction": "outbound", "action": "alerted", "geo": { "country": "US", "city": "Amsterdam" } }, { "flow_id": "FLOW-00122", "timestamp": "2024-11-15T12:06:58.000Z", "src_ip": "26.220.251.51", "src_port": 32967, "dst_ip": "132.78.210.32", "dst_port": 80, "protocol": "TCP", "bytes_in": 2098346, "bytes_out": 474220, "packets_in": 7712, "packets_out": 6478, "duration_ms": 196246, "direction": "outbound", "action": "blocked", "geo": { "country": "NL", "city": "New York" } }, { "flow_id": "FLOW-00123", "timestamp": "2024-11-15T12:12:08.000Z", "src_ip": "10.0.20.29", "src_port": 24206, "dst_ip": "10.0.100.43", "dst_port": 8080, "protocol": "TCP", "bytes_in": 3013560, "bytes_out": 1853057, "packets_in": 3252, "packets_out": 1814, "duration_ms": 99388, "direction": "outbound", "action": "allowed", "geo": { "country": "US", "city": "Amsterdam" } }, { "flow_id": "FLOW-00124", "timestamp": "2024-11-15T12:18:31.000Z", "src_ip": "85.16.82.171", "src_port": 37076, "dst_ip": "123.136.60.108", "dst_port": 4444, "protocol": "ICMP", "bytes_in": 1069057, "bytes_out": 681402, "packets_in": 6552, "packets_out": 8223, "duration_ms": 203869, "direction": "inbound", "action": "allowed", "geo": { "country": "DE", "city": "Warsaw" } }, { "flow_id": "FLOW-00125", "timestamp": "2024-11-15T12:24:38.000Z", "src_ip": "89.6.121.14", "src_port": 49352, "dst_ip": "10.0.30.111", "dst_port": 80, "protocol": "UDP", "bytes_in": 4028214, "bytes_out": 607119, "packets_in": 4624, "packets_out": 7962, "duration_ms": 43314, "direction": "outbound", "action": "allowed", "geo": { "country": "BR", "city": "New York" } }, { "flow_id": "FLOW-00126", "timestamp": "2024-11-15T12:30:52.000Z", "src_ip": "10.0.2.65", "src_port": 29149, "dst_ip": "30.134.126.171", "dst_port": 22, "protocol": "UDP", "bytes_in": 864634, "bytes_out": 1470471, "packets_in": 8231, "packets_out": 2969, "duration_ms": 98917, "direction": "lateral", "action": "alerted", "geo": { "country": "US", "city": "Moscow" } }, { "flow_id": "FLOW-00127", "timestamp": "2024-11-15T12:36:12.000Z", "src_ip": "103.19.140.254", "src_port": 6983, "dst_ip": "38.218.9.158", "dst_port": 80, "protocol": "UDP", "bytes_in": 3416720, "bytes_out": 1101008, "packets_in": 5021, "packets_out": 3792, "duration_ms": 116275, "direction": "outbound", "action": "blocked", "geo": { "country": "GB", "city": "Warsaw" } }, { "flow_id": "FLOW-00128", "timestamp": "2024-11-15T12:42:26.000Z", "src_ip": "10.0.0.79", "src_port": 17209, "dst_ip": "94.143.179.183", "dst_port": 3389, "protocol": "TCP", "bytes_in": 1524707, "bytes_out": 85814, "packets_in": 9, "packets_out": 855, "duration_ms": 168632, "direction": "inbound", "action": "blocked", "geo": { "country": "GB", "city": "Beijing" } }, { "flow_id": "FLOW-00129", "timestamp": "2024-11-15T12:48:07.000Z", "src_ip": "10.0.1.112", "src_port": 7373, "dst_ip": "126.186.171.78", "dst_port": 80, "protocol": "ICMP", "bytes_in": 4628631, "bytes_out": 1615843, "packets_in": 2135, "packets_out": 5427, "duration_ms": 189042, "direction": "lateral", "action": "blocked", "geo": { "country": "BR", "city": "Paris" } }, { "flow_id": "FLOW-00130", "timestamp": "2024-11-15T12:54:06.000Z", "src_ip": "10.0.10.168", "src_port": 9575, "dst_ip": "150.196.44.228", "dst_port": 9001, "protocol": "TCP", "bytes_in": 344323, "bytes_out": 1230172, "packets_in": 3121, "packets_out": 3161, "duration_ms": 233712, "direction": "inbound", "action": "allowed", "geo": { "country": "FR", "city": "São Paulo" } }, { "flow_id": "FLOW-00131", "timestamp": "2024-11-15T13:00:12.000Z", "src_ip": "186.242.103.137", "src_port": 28431, "dst_ip": "10.0.0.34", "dst_port": 1337, "protocol": "ICMP", "bytes_in": 2118401, "bytes_out": 1869856, "packets_in": 9181, "packets_out": 5691, "duration_ms": 191896, "direction": "outbound", "action": "alerted", "geo": { "country": "DE", "city": "Amsterdam" } }, { "flow_id": "FLOW-00132", "timestamp": "2024-11-15T13:06:36.000Z", "src_ip": "108.11.85.154", "src_port": 5008, "dst_ip": "34.148.23.245", "dst_port": 22, "protocol": "ICMP", "bytes_in": 3334483, "bytes_out": 1038208, "packets_in": 8724, "packets_out": 8413, "duration_ms": 39315, "direction": "inbound", "action": "blocked", "geo": { "country": "FR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00133", "timestamp": "2024-11-15T13:12:00.000Z", "src_ip": "10.0.50.104", "src_port": 11509, "dst_ip": "10.0.10.49", "dst_port": 9001, "protocol": "TCP", "bytes_in": 4967065, "bytes_out": 1461195, "packets_in": 146, "packets_out": 8402, "duration_ms": 238783, "direction": "lateral", "action": "alerted", "geo": { "country": "FR", "city": "Beijing" } }, { "flow_id": "FLOW-00134", "timestamp": "2024-11-15T13:18:02.000Z", "src_ip": "57.151.137.142", "src_port": 42941, "dst_ip": "58.23.121.75", "dst_port": 53, "protocol": "UDP", "bytes_in": 1115508, "bytes_out": 567206, "packets_in": 845, "packets_out": 4080, "duration_ms": 110087, "direction": "lateral", "action": "allowed", "geo": { "country": "PL", "city": "Kyiv" } }, { "flow_id": "FLOW-00135", "timestamp": "2024-11-15T13:24:57.000Z", "src_ip": "10.0.30.85", "src_port": 41098, "dst_ip": "181.135.68.105", "dst_port": 25, "protocol": "UDP", "bytes_in": 480424, "bytes_out": 1312787, "packets_in": 171, "packets_out": 5825, "duration_ms": 114966, "direction": "lateral", "action": "blocked", "geo": { "country": "US", "city": "Beijing" } }, { "flow_id": "FLOW-00136", "timestamp": "2024-11-15T13:30:41.000Z", "src_ip": "10.0.1.186", "src_port": 17889, "dst_ip": "10.0.50.244", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 1729451, "bytes_out": 1713116, "packets_in": 7245, "packets_out": 3615, "duration_ms": 170008, "direction": "outbound", "action": "allowed", "geo": { "country": "BR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00137", "timestamp": "2024-11-15T13:36:11.000Z", "src_ip": "60.222.188.38", "src_port": 31130, "dst_ip": "10.0.1.128", "dst_port": 53, "protocol": "TCP", "bytes_in": 1584335, "bytes_out": 1194723, "packets_in": 8037, "packets_out": 2956, "duration_ms": 147873, "direction": "inbound", "action": "blocked", "geo": { "country": "US", "city": "New York" } }, { "flow_id": "FLOW-00138", "timestamp": "2024-11-15T13:42:41.000Z", "src_ip": "10.0.10.19", "src_port": 64619, "dst_ip": "110.125.232.233", "dst_port": 8080, "protocol": "TCP", "bytes_in": 4419002, "bytes_out": 287984, "packets_in": 194, "packets_out": 9885, "duration_ms": 52288, "direction": "outbound", "action": "blocked", "geo": { "country": "PL", "city": "Berlin" } }, { "flow_id": "FLOW-00139", "timestamp": "2024-11-15T13:48:40.000Z", "src_ip": "10.0.0.35", "src_port": 40321, "dst_ip": "22.137.73.241", "dst_port": 80, "protocol": "TCP", "bytes_in": 892099, "bytes_out": 1137496, "packets_in": 5545, "packets_out": 1393, "duration_ms": 106075, "direction": "inbound", "action": "blocked", "geo": { "country": "BR", "city": "London" } }, { "flow_id": "FLOW-00140", "timestamp": "2024-11-15T13:54:34.000Z", "src_ip": "10.0.20.86", "src_port": 9089, "dst_ip": "63.28.136.161", "dst_port": 80, "protocol": "TCP", "bytes_in": 862541, "bytes_out": 1142261, "packets_in": 4862, "packets_out": 1681, "duration_ms": 268196, "direction": "outbound", "action": "allowed", "geo": { "country": "PL", "city": "Moscow" } }, { "flow_id": "FLOW-00141", "timestamp": "2024-11-15T14:00:56.000Z", "src_ip": "110.197.75.91", "src_port": 45877, "dst_ip": "10.0.10.237", "dst_port": 8080, "protocol": "ICMP", "bytes_in": 943016, "bytes_out": 1031486, "packets_in": 2779, "packets_out": 1805, "duration_ms": 117715, "direction": "inbound", "action": "blocked", "geo": { "country": "UA", "city": "Berlin" } }, { "flow_id": "FLOW-00142", "timestamp": "2024-11-15T14:06:02.000Z", "src_ip": "10.0.1.94", "src_port": 40640, "dst_ip": "10.0.1.231", "dst_port": 53, "protocol": "TCP", "bytes_in": 3595659, "bytes_out": 1112562, "packets_in": 5487, "packets_out": 9825, "duration_ms": 95088, "direction": "lateral", "action": "blocked", "geo": { "country": "US", "city": "Beijing" } }, { "flow_id": "FLOW-00143", "timestamp": "2024-11-15T14:12:31.000Z", "src_ip": "10.0.20.91", "src_port": 44391, "dst_ip": "10.0.20.236", "dst_port": 3389, "protocol": "UDP", "bytes_in": 640697, "bytes_out": 1654415, "packets_in": 36, "packets_out": 2436, "duration_ms": 76855, "direction": "outbound", "action": "allowed", "geo": { "country": "NL", "city": "London" } }, { "flow_id": "FLOW-00144", "timestamp": "2024-11-15T14:18:05.000Z", "src_ip": "10.0.100.210", "src_port": 22195, "dst_ip": "148.218.142.38", "dst_port": 53, "protocol": "TCP", "bytes_in": 3229824, "bytes_out": 739538, "packets_in": 5232, "packets_out": 8098, "duration_ms": 222211, "direction": "outbound", "action": "alerted", "geo": { "country": "NL", "city": "São Paulo" } }, { "flow_id": "FLOW-00145", "timestamp": "2024-11-15T14:24:26.000Z", "src_ip": "10.0.30.37", "src_port": 37025, "dst_ip": "10.0.10.100", "dst_port": 4444, "protocol": "ICMP", "bytes_in": 4477656, "bytes_out": 1033124, "packets_in": 8725, "packets_out": 8786, "duration_ms": 120647, "direction": "outbound", "action": "allowed", "geo": { "country": "BR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00146", "timestamp": "2024-11-15T14:30:01.000Z", "src_ip": "10.0.10.181", "src_port": 24774, "dst_ip": "93.1.104.218", "dst_port": 1337, "protocol": "UDP", "bytes_in": 1120720, "bytes_out": 1931339, "packets_in": 1805, "packets_out": 977, "duration_ms": 183159, "direction": "outbound", "action": "allowed", "geo": { "country": "CN", "city": "London" } }, { "flow_id": "FLOW-00147", "timestamp": "2024-11-15T14:36:08.000Z", "src_ip": "219.215.124.54", "src_port": 8707, "dst_ip": "10.0.0.193", "dst_port": 53, "protocol": "UDP", "bytes_in": 221077, "bytes_out": 1459938, "packets_in": 6959, "packets_out": 6090, "duration_ms": 28356, "direction": "lateral", "action": "allowed", "geo": { "country": "BR", "city": "Berlin" } }, { "flow_id": "FLOW-00148", "timestamp": "2024-11-15T14:42:36.000Z", "src_ip": "153.80.15.38", "src_port": 55488, "dst_ip": "21.125.39.4", "dst_port": 8080, "protocol": "TCP", "bytes_in": 1530351, "bytes_out": 985232, "packets_in": 2296, "packets_out": 8642, "duration_ms": 157029, "direction": "outbound", "action": "blocked", "geo": { "country": "UA", "city": "London" } }, { "flow_id": "FLOW-00149", "timestamp": "2024-11-15T14:48:10.000Z", "src_ip": "10.0.0.75", "src_port": 1736, "dst_ip": "16.16.88.129", "dst_port": 8080, "protocol": "UDP", "bytes_in": 3810979, "bytes_out": 1162213, "packets_in": 4228, "packets_out": 9373, "duration_ms": 263126, "direction": "outbound", "action": "alerted", "geo": { "country": "RU", "city": "Amsterdam" } }, { "flow_id": "FLOW-00150", "timestamp": "2024-11-15T14:54:39.000Z", "src_ip": "10.0.20.251", "src_port": 4693, "dst_ip": "97.64.108.103", "dst_port": 22, "protocol": "UDP", "bytes_in": 1540999, "bytes_out": 1724981, "packets_in": 9164, "packets_out": 9914, "duration_ms": 40480, "direction": "lateral", "action": "blocked", "geo": { "country": "GB", "city": "Kyiv" } }, { "flow_id": "FLOW-00151", "timestamp": "2024-11-15T15:00:17.000Z", "src_ip": "10.0.50.213", "src_port": 8128, "dst_ip": "14.190.217.50", "dst_port": 443, "protocol": "TCP", "bytes_in": 3042625, "bytes_out": 1265045, "packets_in": 5497, "packets_out": 460, "duration_ms": 125583, "direction": "outbound", "action": "allowed", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00152", "timestamp": "2024-11-15T15:06:17.000Z", "src_ip": "153.5.158.49", "src_port": 6597, "dst_ip": "10.0.0.63", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 376498, "bytes_out": 1182311, "packets_in": 7927, "packets_out": 749, "duration_ms": 25192, "direction": "outbound", "action": "allowed", "geo": { "country": "CN", "city": "Warsaw" } }, { "flow_id": "FLOW-00153", "timestamp": "2024-11-15T15:12:22.000Z", "src_ip": "10.0.20.247", "src_port": 64846, "dst_ip": "50.161.200.186", "dst_port": 53, "protocol": "ICMP", "bytes_in": 816945, "bytes_out": 694888, "packets_in": 6673, "packets_out": 8251, "duration_ms": 52955, "direction": "lateral", "action": "allowed", "geo": { "country": "PL", "city": "São Paulo" } }, { "flow_id": "FLOW-00154", "timestamp": "2024-11-15T15:18:10.000Z", "src_ip": "10.0.100.152", "src_port": 10955, "dst_ip": "10.0.0.76", "dst_port": 4444, "protocol": "TCP", "bytes_in": 782644, "bytes_out": 1998268, "packets_in": 3795, "packets_out": 3534, "duration_ms": 73853, "direction": "lateral", "action": "allowed", "geo": { "country": "FR", "city": "Paris" } }, { "flow_id": "FLOW-00155", "timestamp": "2024-11-15T15:24:23.000Z", "src_ip": "10.0.30.116", "src_port": 41883, "dst_ip": "10.0.30.76", "dst_port": 8080, "protocol": "TCP", "bytes_in": 3251775, "bytes_out": 501515, "packets_in": 3422, "packets_out": 9944, "duration_ms": 39321, "direction": "inbound", "action": "alerted", "geo": { "country": "GB", "city": "Berlin" } }, { "flow_id": "FLOW-00156", "timestamp": "2024-11-15T15:30:06.000Z", "src_ip": "10.0.2.198", "src_port": 30830, "dst_ip": "10.0.1.129", "dst_port": 3389, "protocol": "TCP", "bytes_in": 2479805, "bytes_out": 338696, "packets_in": 1117, "packets_out": 4590, "duration_ms": 190489, "direction": "outbound", "action": "allowed", "geo": { "country": "DE", "city": "New York" } }, { "flow_id": "FLOW-00157", "timestamp": "2024-11-15T15:36:56.000Z", "src_ip": "10.0.100.68", "src_port": 29993, "dst_ip": "10.0.20.197", "dst_port": 53, "protocol": "TCP", "bytes_in": 4770945, "bytes_out": 1024017, "packets_in": 649, "packets_out": 5956, "duration_ms": 150275, "direction": "outbound", "action": "blocked", "geo": { "country": "BR", "city": "New York" } }, { "flow_id": "FLOW-00158", "timestamp": "2024-11-15T15:42:56.000Z", "src_ip": "132.160.191.22", "src_port": 58403, "dst_ip": "10.0.100.69", "dst_port": 80, "protocol": "ICMP", "bytes_in": 478706, "bytes_out": 1554142, "packets_in": 4012, "packets_out": 9189, "duration_ms": 4165, "direction": "inbound", "action": "allowed", "geo": { "country": "CN", "city": "Amsterdam" } }, { "flow_id": "FLOW-00159", "timestamp": "2024-11-15T15:48:29.000Z", "src_ip": "103.37.114.100", "src_port": 31726, "dst_ip": "10.0.1.91", "dst_port": 1337, "protocol": "UDP", "bytes_in": 915420, "bytes_out": 180046, "packets_in": 2954, "packets_out": 1776, "duration_ms": 208114, "direction": "outbound", "action": "allowed", "geo": { "country": "NL", "city": "Kyiv" } }, { "flow_id": "FLOW-00160", "timestamp": "2024-11-15T15:54:29.000Z", "src_ip": "88.248.108.180", "src_port": 3532, "dst_ip": "10.0.1.73", "dst_port": 1337, "protocol": "TCP", "bytes_in": 3942437, "bytes_out": 305228, "packets_in": 3498, "packets_out": 5246, "duration_ms": 297904, "direction": "inbound", "action": "alerted", "geo": { "country": "NL", "city": "Warsaw" } }, { "flow_id": "FLOW-00161", "timestamp": "2024-11-15T16:00:55.000Z", "src_ip": "10.0.30.204", "src_port": 2527, "dst_ip": "122.109.27.55", "dst_port": 8080, "protocol": "UDP", "bytes_in": 2114591, "bytes_out": 1333196, "packets_in": 2886, "packets_out": 1370, "duration_ms": 74312, "direction": "inbound", "action": "blocked", "geo": { "country": "NL", "city": "Berlin" } }, { "flow_id": "FLOW-00162", "timestamp": "2024-11-15T16:06:57.000Z", "src_ip": "183.231.214.135", "src_port": 60113, "dst_ip": "67.94.27.24", "dst_port": 8080, "protocol": "UDP", "bytes_in": 2490683, "bytes_out": 345115, "packets_in": 3254, "packets_out": 5723, "duration_ms": 219730, "direction": "outbound", "action": "blocked", "geo": { "country": "FR", "city": "New York" } }, { "flow_id": "FLOW-00163", "timestamp": "2024-11-15T16:12:00.000Z", "src_ip": "10.0.50.92", "src_port": 37783, "dst_ip": "10.0.50.212", "dst_port": 9001, "protocol": "TCP", "bytes_in": 652770, "bytes_out": 1515725, "packets_in": 9478, "packets_out": 2370, "duration_ms": 169730, "direction": "lateral", "action": "alerted", "geo": { "country": "UA", "city": "Warsaw" } }, { "flow_id": "FLOW-00164", "timestamp": "2024-11-15T16:18:46.000Z", "src_ip": "118.75.255.222", "src_port": 1264, "dst_ip": "203.208.134.134", "dst_port": 4444, "protocol": "TCP", "bytes_in": 3769305, "bytes_out": 1339968, "packets_in": 9477, "packets_out": 1597, "duration_ms": 19130, "direction": "inbound", "action": "alerted", "geo": { "country": "RU", "city": "Amsterdam" } }, { "flow_id": "FLOW-00165", "timestamp": "2024-11-15T16:24:43.000Z", "src_ip": "10.0.2.155", "src_port": 38827, "dst_ip": "90.107.97.249", "dst_port": 80, "protocol": "UDP", "bytes_in": 3051793, "bytes_out": 34019, "packets_in": 4948, "packets_out": 5030, "duration_ms": 263238, "direction": "inbound", "action": "alerted", "geo": { "country": "GB", "city": "London" } }, { "flow_id": "FLOW-00166", "timestamp": "2024-11-15T16:30:59.000Z", "src_ip": "91.180.218.134", "src_port": 12546, "dst_ip": "10.0.30.31", "dst_port": 4444, "protocol": "UDP", "bytes_in": 3130033, "bytes_out": 371040, "packets_in": 9057, "packets_out": 9747, "duration_ms": 85280, "direction": "lateral", "action": "blocked", "geo": { "country": "NL", "city": "Beijing" } }, { "flow_id": "FLOW-00167", "timestamp": "2024-11-15T16:36:53.000Z", "src_ip": "10.0.50.164", "src_port": 7827, "dst_ip": "159.50.44.207", "dst_port": 443, "protocol": "ICMP", "bytes_in": 137859, "bytes_out": 1292455, "packets_in": 6739, "packets_out": 1699, "duration_ms": 260260, "direction": "lateral", "action": "alerted", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00168", "timestamp": "2024-11-15T16:42:29.000Z", "src_ip": "10.0.0.172", "src_port": 37172, "dst_ip": "108.108.114.199", "dst_port": 8080, "protocol": "TCP", "bytes_in": 1640542, "bytes_out": 1795944, "packets_in": 7694, "packets_out": 2039, "duration_ms": 183823, "direction": "outbound", "action": "blocked", "geo": { "country": "NL", "city": "Warsaw" } }, { "flow_id": "FLOW-00169", "timestamp": "2024-11-15T16:48:57.000Z", "src_ip": "10.0.10.131", "src_port": 53134, "dst_ip": "169.135.157.215", "dst_port": 8080, "protocol": "ICMP", "bytes_in": 2026369, "bytes_out": 8783, "packets_in": 6793, "packets_out": 536, "duration_ms": 8143, "direction": "inbound", "action": "allowed", "geo": { "country": "UA", "city": "Paris" } }, { "flow_id": "FLOW-00170", "timestamp": "2024-11-15T16:54:25.000Z", "src_ip": "10.0.30.87", "src_port": 13650, "dst_ip": "147.220.123.143", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 3299452, "bytes_out": 1737659, "packets_in": 846, "packets_out": 9468, "duration_ms": 224974, "direction": "inbound", "action": "alerted", "geo": { "country": "NL", "city": "New York" } }, { "flow_id": "FLOW-00171", "timestamp": "2024-11-15T17:00:36.000Z", "src_ip": "82.81.223.60", "src_port": 52422, "dst_ip": "206.64.60.162", "dst_port": 8080, "protocol": "ICMP", "bytes_in": 2183032, "bytes_out": 1756088, "packets_in": 9059, "packets_out": 2606, "duration_ms": 169033, "direction": "inbound", "action": "allowed", "geo": { "country": "DE", "city": "Warsaw" } }, { "flow_id": "FLOW-00172", "timestamp": "2024-11-15T17:06:24.000Z", "src_ip": "161.78.14.159", "src_port": 2681, "dst_ip": "10.0.1.148", "dst_port": 53, "protocol": "UDP", "bytes_in": 3004203, "bytes_out": 391298, "packets_in": 3928, "packets_out": 3634, "duration_ms": 155673, "direction": "inbound", "action": "alerted", "geo": { "country": "RU", "city": "Amsterdam" } }, { "flow_id": "FLOW-00173", "timestamp": "2024-11-15T17:12:29.000Z", "src_ip": "10.0.0.72", "src_port": 61788, "dst_ip": "37.11.52.29", "dst_port": 9001, "protocol": "TCP", "bytes_in": 898288, "bytes_out": 297514, "packets_in": 4628, "packets_out": 4293, "duration_ms": 94701, "direction": "inbound", "action": "allowed", "geo": { "country": "GB", "city": "Kyiv" } }, { "flow_id": "FLOW-00174", "timestamp": "2024-11-15T17:18:31.000Z", "src_ip": "10.0.10.102", "src_port": 63887, "dst_ip": "204.11.211.19", "dst_port": 443, "protocol": "TCP", "bytes_in": 3522500, "bytes_out": 787029, "packets_in": 5138, "packets_out": 7388, "duration_ms": 84465, "direction": "inbound", "action": "blocked", "geo": { "country": "PL", "city": "New York" } }, { "flow_id": "FLOW-00175", "timestamp": "2024-11-15T17:24:39.000Z", "src_ip": "10.0.0.32", "src_port": 40345, "dst_ip": "10.0.30.125", "dst_port": 1337, "protocol": "TCP", "bytes_in": 1328721, "bytes_out": 1094250, "packets_in": 4170, "packets_out": 1993, "duration_ms": 101107, "direction": "lateral", "action": "allowed", "geo": { "country": "FR", "city": "Warsaw" } }, { "flow_id": "FLOW-00176", "timestamp": "2024-11-15T17:30:13.000Z", "src_ip": "10.0.2.57", "src_port": 2957, "dst_ip": "10.0.1.232", "dst_port": 3389, "protocol": "TCP", "bytes_in": 1843553, "bytes_out": 175056, "packets_in": 2074, "packets_out": 4385, "duration_ms": 143481, "direction": "outbound", "action": "allowed", "geo": { "country": "DE", "city": "Kyiv" } }, { "flow_id": "FLOW-00177", "timestamp": "2024-11-15T17:36:32.000Z", "src_ip": "10.0.20.121", "src_port": 63043, "dst_ip": "10.0.100.113", "dst_port": 8080, "protocol": "TCP", "bytes_in": 2097997, "bytes_out": 362786, "packets_in": 3243, "packets_out": 4606, "duration_ms": 205954, "direction": "inbound", "action": "alerted", "geo": { "country": "BR", "city": "Beijing" } }, { "flow_id": "FLOW-00178", "timestamp": "2024-11-15T17:42:06.000Z", "src_ip": "53.249.221.227", "src_port": 40823, "dst_ip": "153.139.163.160", "dst_port": 8080, "protocol": "UDP", "bytes_in": 1675443, "bytes_out": 1189447, "packets_in": 5783, "packets_out": 6127, "duration_ms": 33695, "direction": "outbound", "action": "allowed", "geo": { "country": "PL", "city": "Paris" } }, { "flow_id": "FLOW-00179", "timestamp": "2024-11-15T17:48:11.000Z", "src_ip": "105.150.180.102", "src_port": 24469, "dst_ip": "47.165.219.203", "dst_port": 22, "protocol": "TCP", "bytes_in": 1805159, "bytes_out": 1377797, "packets_in": 6090, "packets_out": 6095, "duration_ms": 76043, "direction": "outbound", "action": "allowed", "geo": { "country": "PL", "city": "Kyiv" } }, { "flow_id": "FLOW-00180", "timestamp": "2024-11-15T17:54:04.000Z", "src_ip": "10.0.30.56", "src_port": 26294, "dst_ip": "204.164.119.144", "dst_port": 25, "protocol": "ICMP", "bytes_in": 1779918, "bytes_out": 1105813, "packets_in": 3563, "packets_out": 1687, "duration_ms": 294104, "direction": "outbound", "action": "alerted", "geo": { "country": "BR", "city": "Berlin" } }, { "flow_id": "FLOW-00181", "timestamp": "2024-11-15T18:00:20.000Z", "src_ip": "10.0.50.176", "src_port": 14009, "dst_ip": "10.0.30.210", "dst_port": 22, "protocol": "TCP", "bytes_in": 4143484, "bytes_out": 1045810, "packets_in": 767, "packets_out": 4497, "duration_ms": 220850, "direction": "inbound", "action": "allowed", "geo": { "country": "GB", "city": "New York" } }, { "flow_id": "FLOW-00182", "timestamp": "2024-11-15T18:06:41.000Z", "src_ip": "10.0.50.62", "src_port": 52358, "dst_ip": "10.0.20.6", "dst_port": 9001, "protocol": "TCP", "bytes_in": 3873687, "bytes_out": 596422, "packets_in": 2148, "packets_out": 6600, "duration_ms": 19403, "direction": "lateral", "action": "alerted", "geo": { "country": "PL", "city": "Kyiv" } }, { "flow_id": "FLOW-00183", "timestamp": "2024-11-15T18:12:20.000Z", "src_ip": "10.0.1.122", "src_port": 50417, "dst_ip": "206.212.154.71", "dst_port": 3389, "protocol": "UDP", "bytes_in": 669199, "bytes_out": 1167024, "packets_in": 5132, "packets_out": 8091, "duration_ms": 24680, "direction": "outbound", "action": "blocked", "geo": { "country": "GB", "city": "London" } }, { "flow_id": "FLOW-00184", "timestamp": "2024-11-15T18:18:03.000Z", "src_ip": "10.0.1.217", "src_port": 55121, "dst_ip": "159.52.14.58", "dst_port": 80, "protocol": "TCP", "bytes_in": 882006, "bytes_out": 677148, "packets_in": 7139, "packets_out": 3709, "duration_ms": 89230, "direction": "inbound", "action": "allowed", "geo": { "country": "UA", "city": "Paris" } }, { "flow_id": "FLOW-00185", "timestamp": "2024-11-15T18:24:03.000Z", "src_ip": "10.0.0.68", "src_port": 63096, "dst_ip": "10.0.0.30", "dst_port": 25, "protocol": "TCP", "bytes_in": 2212367, "bytes_out": 690716, "packets_in": 6219, "packets_out": 4423, "duration_ms": 89307, "direction": "inbound", "action": "alerted", "geo": { "country": "GB", "city": "Berlin" } }, { "flow_id": "FLOW-00186", "timestamp": "2024-11-15T18:30:31.000Z", "src_ip": "221.75.211.164", "src_port": 65010, "dst_ip": "32.123.244.170", "dst_port": 25, "protocol": "UDP", "bytes_in": 4049298, "bytes_out": 473664, "packets_in": 1505, "packets_out": 4323, "duration_ms": 155313, "direction": "lateral", "action": "allowed", "geo": { "country": "UA", "city": "Paris" } }, { "flow_id": "FLOW-00187", "timestamp": "2024-11-15T18:36:04.000Z", "src_ip": "10.0.10.170", "src_port": 5948, "dst_ip": "10.0.10.179", "dst_port": 4444, "protocol": "TCP", "bytes_in": 1782437, "bytes_out": 27595, "packets_in": 3542, "packets_out": 7671, "duration_ms": 201883, "direction": "inbound", "action": "blocked", "geo": { "country": "DE", "city": "Kyiv" } }, { "flow_id": "FLOW-00188", "timestamp": "2024-11-15T18:42:58.000Z", "src_ip": "152.160.159.182", "src_port": 24855, "dst_ip": "40.54.66.57", "dst_port": 8080, "protocol": "UDP", "bytes_in": 4307312, "bytes_out": 425829, "packets_in": 6557, "packets_out": 3080, "duration_ms": 35987, "direction": "outbound", "action": "blocked", "geo": { "country": "US", "city": "Beijing" } }, { "flow_id": "FLOW-00189", "timestamp": "2024-11-15T18:48:57.000Z", "src_ip": "10.0.1.39", "src_port": 31226, "dst_ip": "28.56.123.5", "dst_port": 53, "protocol": "UDP", "bytes_in": 239862, "bytes_out": 998812, "packets_in": 8699, "packets_out": 7417, "duration_ms": 184527, "direction": "outbound", "action": "allowed", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00190", "timestamp": "2024-11-15T18:54:23.000Z", "src_ip": "55.77.203.129", "src_port": 7434, "dst_ip": "86.27.225.70", "dst_port": 80, "protocol": "ICMP", "bytes_in": 3208895, "bytes_out": 1535182, "packets_in": 6924, "packets_out": 3178, "duration_ms": 154144, "direction": "inbound", "action": "blocked", "geo": { "country": "US", "city": "São Paulo" } }, { "flow_id": "FLOW-00191", "timestamp": "2024-11-15T19:00:07.000Z", "src_ip": "156.252.221.28", "src_port": 15414, "dst_ip": "10.0.10.247", "dst_port": 443, "protocol": "TCP", "bytes_in": 299436, "bytes_out": 1206409, "packets_in": 4362, "packets_out": 3912, "duration_ms": 34523, "direction": "lateral", "action": "allowed", "geo": { "country": "CN", "city": "Moscow" } }, { "flow_id": "FLOW-00192", "timestamp": "2024-11-15T19:06:10.000Z", "src_ip": "10.0.50.102", "src_port": 52517, "dst_ip": "57.137.253.53", "dst_port": 22, "protocol": "UDP", "bytes_in": 2415920, "bytes_out": 1480345, "packets_in": 9770, "packets_out": 4719, "duration_ms": 1629, "direction": "inbound", "action": "allowed", "geo": { "country": "FR", "city": "São Paulo" } }, { "flow_id": "FLOW-00193", "timestamp": "2024-11-15T19:12:21.000Z", "src_ip": "79.122.87.81", "src_port": 59997, "dst_ip": "10.0.2.49", "dst_port": 4444, "protocol": "TCP", "bytes_in": 106891, "bytes_out": 1396833, "packets_in": 7776, "packets_out": 7012, "duration_ms": 175141, "direction": "inbound", "action": "allowed", "geo": { "country": "CN", "city": "Berlin" } }, { "flow_id": "FLOW-00194", "timestamp": "2024-11-15T19:18:07.000Z", "src_ip": "195.4.180.249", "src_port": 3984, "dst_ip": "1.250.126.121", "dst_port": 80, "protocol": "ICMP", "bytes_in": 2438284, "bytes_out": 1751938, "packets_in": 3741, "packets_out": 8607, "duration_ms": 263794, "direction": "inbound", "action": "allowed", "geo": { "country": "DE", "city": "Berlin" } }, { "flow_id": "FLOW-00195", "timestamp": "2024-11-15T19:24:31.000Z", "src_ip": "189.171.231.126", "src_port": 17639, "dst_ip": "10.0.20.171", "dst_port": 3389, "protocol": "UDP", "bytes_in": 113822, "bytes_out": 1735980, "packets_in": 5778, "packets_out": 4934, "duration_ms": 174976, "direction": "lateral", "action": "alerted", "geo": { "country": "BR", "city": "London" } }, { "flow_id": "FLOW-00196", "timestamp": "2024-11-15T19:30:01.000Z", "src_ip": "176.10.75.251", "src_port": 17038, "dst_ip": "57.72.182.128", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 3613209, "bytes_out": 753822, "packets_in": 3381, "packets_out": 1463, "duration_ms": 101630, "direction": "outbound", "action": "alerted", "geo": { "country": "DE", "city": "Beijing" } }, { "flow_id": "FLOW-00197", "timestamp": "2024-11-15T19:36:58.000Z", "src_ip": "10.0.100.254", "src_port": 45527, "dst_ip": "10.0.2.69", "dst_port": 3389, "protocol": "UDP", "bytes_in": 3280229, "bytes_out": 1235596, "packets_in": 6837, "packets_out": 4527, "duration_ms": 162175, "direction": "inbound", "action": "allowed", "geo": { "country": "BR", "city": "Paris" } }, { "flow_id": "FLOW-00198", "timestamp": "2024-11-15T19:42:07.000Z", "src_ip": "10.0.1.112", "src_port": 64559, "dst_ip": "10.0.30.75", "dst_port": 80, "protocol": "UDP", "bytes_in": 1234289, "bytes_out": 978002, "packets_in": 2462, "packets_out": 8572, "duration_ms": 151930, "direction": "lateral", "action": "alerted", "geo": { "country": "US", "city": "Beijing" } }, { "flow_id": "FLOW-00199", "timestamp": "2024-11-15T19:48:19.000Z", "src_ip": "17.150.7.117", "src_port": 1357, "dst_ip": "73.63.27.126", "dst_port": 8080, "protocol": "UDP", "bytes_in": 5447, "bytes_out": 104716, "packets_in": 4120, "packets_out": 2257, "duration_ms": 183616, "direction": "outbound", "action": "alerted", "geo": { "country": "FR", "city": "New York" } }, { "flow_id": "FLOW-00200", "timestamp": "2024-11-15T19:54:37.000Z", "src_ip": "10.0.20.38", "src_port": 61203, "dst_ip": "10.0.10.112", "dst_port": 443, "protocol": "UDP", "bytes_in": 1835976, "bytes_out": 67459, "packets_in": 7753, "packets_out": 5811, "duration_ms": 130406, "direction": "lateral", "action": "alerted", "geo": { "country": "NL", "city": "Amsterdam" } }, { "flow_id": "FLOW-00201", "timestamp": "2024-11-15T20:00:37.000Z", "src_ip": "26.133.154.153", "src_port": 10145, "dst_ip": "145.223.165.206", "dst_port": 22, "protocol": "UDP", "bytes_in": 1138320, "bytes_out": 873134, "packets_in": 9082, "packets_out": 3269, "duration_ms": 157844, "direction": "outbound", "action": "allowed", "geo": { "country": "CN", "city": "São Paulo" } }, { "flow_id": "FLOW-00202", "timestamp": "2024-11-15T20:06:33.000Z", "src_ip": "10.0.100.141", "src_port": 29984, "dst_ip": "201.223.49.36", "dst_port": 3389, "protocol": "ICMP", "bytes_in": 2999486, "bytes_out": 982325, "packets_in": 5804, "packets_out": 7007, "duration_ms": 244608, "direction": "outbound", "action": "blocked", "geo": { "country": "GB", "city": "Warsaw" } }, { "flow_id": "FLOW-00203", "timestamp": "2024-11-15T20:12:08.000Z", "src_ip": "10.0.0.247", "src_port": 41342, "dst_ip": "10.0.1.195", "dst_port": 25, "protocol": "TCP", "bytes_in": 4868161, "bytes_out": 1074239, "packets_in": 6114, "packets_out": 2086, "duration_ms": 284830, "direction": "lateral", "action": "blocked", "geo": { "country": "PL", "city": "Amsterdam" } }, { "flow_id": "FLOW-00204", "timestamp": "2024-11-15T20:18:03.000Z", "src_ip": "172.3.236.207", "src_port": 6572, "dst_ip": "10.0.100.216", "dst_port": 80, "protocol": "UDP", "bytes_in": 898055, "bytes_out": 699429, "packets_in": 9738, "packets_out": 1596, "duration_ms": 152346, "direction": "lateral", "action": "blocked", "geo": { "country": "UA", "city": "Warsaw" } }, { "flow_id": "FLOW-00205", "timestamp": "2024-11-15T20:24:57.000Z", "src_ip": "150.27.104.133", "src_port": 45305, "dst_ip": "190.253.69.58", "dst_port": 53, "protocol": "UDP", "bytes_in": 2608005, "bytes_out": 1508214, "packets_in": 106, "packets_out": 7946, "duration_ms": 105225, "direction": "inbound", "action": "allowed", "geo": { "country": "PL", "city": "New York" } }, { "flow_id": "FLOW-00206", "timestamp": "2024-11-15T20:30:53.000Z", "src_ip": "10.0.1.135", "src_port": 34172, "dst_ip": "53.53.242.7", "dst_port": 4444, "protocol": "UDP", "bytes_in": 466916, "bytes_out": 1942119, "packets_in": 1996, "packets_out": 4914, "duration_ms": 212105, "direction": "outbound", "action": "allowed", "geo": { "country": "RU", "city": "Paris" } }, { "flow_id": "FLOW-00207", "timestamp": "2024-11-15T20:36:47.000Z", "src_ip": "157.224.63.111", "src_port": 44111, "dst_ip": "6.94.72.210", "dst_port": 22, "protocol": "TCP", "bytes_in": 4290962, "bytes_out": 1555447, "packets_in": 8957, "packets_out": 3283, "duration_ms": 249645, "direction": "outbound", "action": "blocked", "geo": { "country": "CN", "city": "Berlin" } }, { "flow_id": "FLOW-00208", "timestamp": "2024-11-15T20:42:44.000Z", "src_ip": "10.0.100.96", "src_port": 53443, "dst_ip": "10.0.50.100", "dst_port": 443, "protocol": "UDP", "bytes_in": 3497245, "bytes_out": 1706083, "packets_in": 6961, "packets_out": 2428, "duration_ms": 14665, "direction": "outbound", "action": "blocked", "geo": { "country": "DE", "city": "São Paulo" } }, { "flow_id": "FLOW-00209", "timestamp": "2024-11-15T20:48:58.000Z", "src_ip": "149.155.17.166", "src_port": 60468, "dst_ip": "10.0.100.12", "dst_port": 3389, "protocol": "TCP", "bytes_in": 3925153, "bytes_out": 1850641, "packets_in": 7510, "packets_out": 4537, "duration_ms": 4782, "direction": "inbound", "action": "blocked", "geo": { "country": "FR", "city": "Paris" } }, { "flow_id": "FLOW-00210", "timestamp": "2024-11-15T20:54:46.000Z", "src_ip": "181.199.32.45", "src_port": 37930, "dst_ip": "10.0.30.169", "dst_port": 3389, "protocol": "UDP", "bytes_in": 1174798, "bytes_out": 583785, "packets_in": 4964, "packets_out": 6455, "duration_ms": 35762, "direction": "lateral", "action": "blocked", "geo": { "country": "NL", "city": "London" } }, { "flow_id": "FLOW-00211", "timestamp": "2024-11-15T21:00:44.000Z", "src_ip": "10.0.2.149", "src_port": 22262, "dst_ip": "10.0.20.35", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 2920098, "bytes_out": 1225835, "packets_in": 6616, "packets_out": 1108, "duration_ms": 23556, "direction": "inbound", "action": "alerted", "geo": { "country": "US", "city": "Moscow" } }, { "flow_id": "FLOW-00212", "timestamp": "2024-11-15T21:06:57.000Z", "src_ip": "28.255.243.83", "src_port": 58745, "dst_ip": "10.0.10.28", "dst_port": 53, "protocol": "ICMP", "bytes_in": 3221989, "bytes_out": 1585120, "packets_in": 6883, "packets_out": 1055, "duration_ms": 32468, "direction": "lateral", "action": "blocked", "geo": { "country": "DE", "city": "Warsaw" } }, { "flow_id": "FLOW-00213", "timestamp": "2024-11-15T21:12:11.000Z", "src_ip": "10.0.1.115", "src_port": 22071, "dst_ip": "10.0.0.238", "dst_port": 443, "protocol": "ICMP", "bytes_in": 3770824, "bytes_out": 792009, "packets_in": 2183, "packets_out": 9401, "duration_ms": 291750, "direction": "inbound", "action": "allowed", "geo": { "country": "CN", "city": "London" } }, { "flow_id": "FLOW-00214", "timestamp": "2024-11-15T21:18:01.000Z", "src_ip": "74.115.103.190", "src_port": 42253, "dst_ip": "209.98.44.150", "dst_port": 443, "protocol": "TCP", "bytes_in": 278894, "bytes_out": 1698775, "packets_in": 2303, "packets_out": 86, "duration_ms": 188514, "direction": "outbound", "action": "alerted", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00215", "timestamp": "2024-11-15T21:24:39.000Z", "src_ip": "175.254.97.214", "src_port": 59990, "dst_ip": "212.242.180.92", "dst_port": 1337, "protocol": "TCP", "bytes_in": 563398, "bytes_out": 920458, "packets_in": 7005, "packets_out": 6163, "duration_ms": 37156, "direction": "lateral", "action": "allowed", "geo": { "country": "US", "city": "Paris" } }, { "flow_id": "FLOW-00216", "timestamp": "2024-11-15T21:30:14.000Z", "src_ip": "31.255.118.14", "src_port": 54850, "dst_ip": "10.0.30.7", "dst_port": 25, "protocol": "UDP", "bytes_in": 3275198, "bytes_out": 1474935, "packets_in": 5864, "packets_out": 1114, "duration_ms": 82766, "direction": "outbound", "action": "allowed", "geo": { "country": "FR", "city": "São Paulo" } }, { "flow_id": "FLOW-00217", "timestamp": "2024-11-15T21:36:58.000Z", "src_ip": "133.159.204.159", "src_port": 18263, "dst_ip": "179.56.241.240", "dst_port": 80, "protocol": "TCP", "bytes_in": 2835793, "bytes_out": 883815, "packets_in": 4275, "packets_out": 3286, "duration_ms": 175396, "direction": "inbound", "action": "allowed", "geo": { "country": "RU", "city": "Paris" } }, { "flow_id": "FLOW-00218", "timestamp": "2024-11-15T21:42:31.000Z", "src_ip": "10.0.30.238", "src_port": 5802, "dst_ip": "10.0.0.62", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 296702, "bytes_out": 725354, "packets_in": 1160, "packets_out": 6820, "duration_ms": 42255, "direction": "lateral", "action": "blocked", "geo": { "country": "US", "city": "Beijing" } }, { "flow_id": "FLOW-00219", "timestamp": "2024-11-15T21:48:19.000Z", "src_ip": "10.0.1.11", "src_port": 52243, "dst_ip": "58.179.220.123", "dst_port": 22, "protocol": "TCP", "bytes_in": 464428, "bytes_out": 55331, "packets_in": 3215, "packets_out": 8753, "duration_ms": 198909, "direction": "lateral", "action": "alerted", "geo": { "country": "PL", "city": "Paris" } }, { "flow_id": "FLOW-00220", "timestamp": "2024-11-15T21:54:28.000Z", "src_ip": "100.193.64.111", "src_port": 8756, "dst_ip": "10.0.2.31", "dst_port": 9001, "protocol": "UDP", "bytes_in": 2951084, "bytes_out": 406168, "packets_in": 5622, "packets_out": 7153, "duration_ms": 30369, "direction": "inbound", "action": "allowed", "geo": { "country": "DE", "city": "São Paulo" } }, { "flow_id": "FLOW-00221", "timestamp": "2024-11-15T22:00:03.000Z", "src_ip": "106.23.7.224", "src_port": 9328, "dst_ip": "10.0.0.21", "dst_port": 4444, "protocol": "TCP", "bytes_in": 2370650, "bytes_out": 91750, "packets_in": 5147, "packets_out": 5729, "duration_ms": 128055, "direction": "outbound", "action": "allowed", "geo": { "country": "BR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00222", "timestamp": "2024-11-15T22:06:45.000Z", "src_ip": "32.39.39.65", "src_port": 49207, "dst_ip": "10.0.10.128", "dst_port": 3389, "protocol": "TCP", "bytes_in": 3720762, "bytes_out": 1495614, "packets_in": 4960, "packets_out": 6012, "duration_ms": 289096, "direction": "outbound", "action": "alerted", "geo": { "country": "RU", "city": "Paris" } }, { "flow_id": "FLOW-00223", "timestamp": "2024-11-15T22:12:22.000Z", "src_ip": "10.0.30.180", "src_port": 60034, "dst_ip": "10.0.1.15", "dst_port": 8080, "protocol": "ICMP", "bytes_in": 4078669, "bytes_out": 586813, "packets_in": 1286, "packets_out": 3336, "duration_ms": 71897, "direction": "lateral", "action": "allowed", "geo": { "country": "CN", "city": "Paris" } }, { "flow_id": "FLOW-00224", "timestamp": "2024-11-15T22:18:31.000Z", "src_ip": "96.72.18.251", "src_port": 55833, "dst_ip": "113.232.58.6", "dst_port": 80, "protocol": "UDP", "bytes_in": 2331822, "bytes_out": 1233693, "packets_in": 6295, "packets_out": 4922, "duration_ms": 44299, "direction": "inbound", "action": "blocked", "geo": { "country": "BR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00225", "timestamp": "2024-11-15T22:24:27.000Z", "src_ip": "221.195.196.114", "src_port": 35921, "dst_ip": "53.194.94.169", "dst_port": 80, "protocol": "ICMP", "bytes_in": 2559831, "bytes_out": 65717, "packets_in": 8873, "packets_out": 5699, "duration_ms": 13628, "direction": "lateral", "action": "blocked", "geo": { "country": "CN", "city": "São Paulo" } }, { "flow_id": "FLOW-00226", "timestamp": "2024-11-15T22:30:24.000Z", "src_ip": "8.174.222.222", "src_port": 63445, "dst_ip": "187.29.55.142", "dst_port": 25, "protocol": "ICMP", "bytes_in": 3888205, "bytes_out": 888910, "packets_in": 9382, "packets_out": 9312, "duration_ms": 272060, "direction": "outbound", "action": "allowed", "geo": { "country": "NL", "city": "London" } }, { "flow_id": "FLOW-00227", "timestamp": "2024-11-15T22:36:43.000Z", "src_ip": "10.0.10.35", "src_port": 63346, "dst_ip": "10.0.20.206", "dst_port": 25, "protocol": "TCP", "bytes_in": 2096650, "bytes_out": 1617679, "packets_in": 8894, "packets_out": 4847, "duration_ms": 176965, "direction": "lateral", "action": "blocked", "geo": { "country": "PL", "city": "São Paulo" } }, { "flow_id": "FLOW-00228", "timestamp": "2024-11-15T22:42:11.000Z", "src_ip": "69.128.6.32", "src_port": 30109, "dst_ip": "170.164.135.217", "dst_port": 4444, "protocol": "TCP", "bytes_in": 3690290, "bytes_out": 18667, "packets_in": 7643, "packets_out": 607, "duration_ms": 188075, "direction": "outbound", "action": "alerted", "geo": { "country": "FR", "city": "Moscow" } }, { "flow_id": "FLOW-00229", "timestamp": "2024-11-15T22:48:04.000Z", "src_ip": "149.40.141.230", "src_port": 29888, "dst_ip": "10.0.30.246", "dst_port": 53, "protocol": "UDP", "bytes_in": 2316530, "bytes_out": 544360, "packets_in": 8109, "packets_out": 2085, "duration_ms": 119234, "direction": "lateral", "action": "allowed", "geo": { "country": "US", "city": "São Paulo" } }, { "flow_id": "FLOW-00230", "timestamp": "2024-11-15T22:54:32.000Z", "src_ip": "10.0.10.31", "src_port": 57422, "dst_ip": "10.0.2.177", "dst_port": 4444, "protocol": "ICMP", "bytes_in": 2662058, "bytes_out": 88051, "packets_in": 9068, "packets_out": 3735, "duration_ms": 31884, "direction": "lateral", "action": "blocked", "geo": { "country": "CN", "city": "Warsaw" } }, { "flow_id": "FLOW-00231", "timestamp": "2024-11-15T23:00:06.000Z", "src_ip": "10.0.30.140", "src_port": 6101, "dst_ip": "10.0.10.91", "dst_port": 1337, "protocol": "UDP", "bytes_in": 949508, "bytes_out": 1071783, "packets_in": 1269, "packets_out": 3883, "duration_ms": 106977, "direction": "outbound", "action": "alerted", "geo": { "country": "UA", "city": "Amsterdam" } }, { "flow_id": "FLOW-00232", "timestamp": "2024-11-15T23:06:26.000Z", "src_ip": "110.144.73.7", "src_port": 59835, "dst_ip": "202.184.171.250", "dst_port": 3389, "protocol": "UDP", "bytes_in": 2466843, "bytes_out": 1304317, "packets_in": 511, "packets_out": 2627, "duration_ms": 193097, "direction": "inbound", "action": "blocked", "geo": { "country": "US", "city": "São Paulo" } }, { "flow_id": "FLOW-00233", "timestamp": "2024-11-15T23:12:13.000Z", "src_ip": "156.108.160.131", "src_port": 25851, "dst_ip": "10.0.30.242", "dst_port": 9001, "protocol": "TCP", "bytes_in": 1258981, "bytes_out": 799266, "packets_in": 1286, "packets_out": 1267, "duration_ms": 117746, "direction": "lateral", "action": "alerted", "geo": { "country": "BR", "city": "Paris" } }, { "flow_id": "FLOW-00234", "timestamp": "2024-11-15T23:18:30.000Z", "src_ip": "10.0.1.218", "src_port": 44225, "dst_ip": "10.0.0.157", "dst_port": 1337, "protocol": "ICMP", "bytes_in": 3699586, "bytes_out": 664734, "packets_in": 4411, "packets_out": 3196, "duration_ms": 153651, "direction": "inbound", "action": "blocked", "geo": { "country": "RU", "city": "Kyiv" } }, { "flow_id": "FLOW-00235", "timestamp": "2024-11-15T23:24:05.000Z", "src_ip": "81.59.123.114", "src_port": 24091, "dst_ip": "10.0.50.94", "dst_port": 1337, "protocol": "ICMP", "bytes_in": 641320, "bytes_out": 1918193, "packets_in": 5936, "packets_out": 7933, "duration_ms": 120770, "direction": "outbound", "action": "blocked", "geo": { "country": "RU", "city": "São Paulo" } }, { "flow_id": "FLOW-00236", "timestamp": "2024-11-15T23:30:37.000Z", "src_ip": "10.0.2.238", "src_port": 44664, "dst_ip": "10.0.50.174", "dst_port": 53, "protocol": "ICMP", "bytes_in": 2183442, "bytes_out": 1669094, "packets_in": 4701, "packets_out": 5597, "duration_ms": 164545, "direction": "inbound", "action": "allowed", "geo": { "country": "NL", "city": "Amsterdam" } }, { "flow_id": "FLOW-00237", "timestamp": "2024-11-15T23:36:29.000Z", "src_ip": "10.0.2.149", "src_port": 2040, "dst_ip": "198.101.92.225", "dst_port": 53, "protocol": "TCP", "bytes_in": 3511750, "bytes_out": 552403, "packets_in": 9087, "packets_out": 7699, "duration_ms": 52951, "direction": "inbound", "action": "allowed", "geo": { "country": "NL", "city": "Warsaw" } }, { "flow_id": "FLOW-00238", "timestamp": "2024-11-15T23:42:27.000Z", "src_ip": "10.0.1.35", "src_port": 24247, "dst_ip": "10.0.50.233", "dst_port": 53, "protocol": "UDP", "bytes_in": 4672021, "bytes_out": 506389, "packets_in": 4807, "packets_out": 1951, "duration_ms": 176585, "direction": "outbound", "action": "alerted", "geo": { "country": "BR", "city": "São Paulo" } }, { "flow_id": "FLOW-00239", "timestamp": "2024-11-15T23:48:26.000Z", "src_ip": "185.23.37.190", "src_port": 42366, "dst_ip": "10.0.100.235", "dst_port": 4444, "protocol": "ICMP", "bytes_in": 3654897, "bytes_out": 606751, "packets_in": 7817, "packets_out": 2206, "duration_ms": 96182, "direction": "lateral", "action": "alerted", "geo": { "country": "FR", "city": "Berlin" } }, { "flow_id": "FLOW-00240", "timestamp": "2024-11-15T23:54:19.000Z", "src_ip": "2.189.232.98", "src_port": 33352, "dst_ip": "46.143.49.60", "dst_port": 3389, "protocol": "TCP", "bytes_in": 4732340, "bytes_out": 1085712, "packets_in": 8605, "packets_out": 9500, "duration_ms": 266458, "direction": "outbound", "action": "blocked", "geo": { "country": "UA", "city": "Amsterdam" } }, { "flow_id": "FLOW-00241", "timestamp": "2024-11-16T00:00:33.000Z", "src_ip": "46.73.21.209", "src_port": 19259, "dst_ip": "10.0.10.112", "dst_port": 9001, "protocol": "ICMP", "bytes_in": 2637168, "bytes_out": 208660, "packets_in": 5691, "packets_out": 4667, "duration_ms": 86819, "direction": "inbound", "action": "blocked", "geo": { "country": "CN", "city": "London" } }, { "flow_id": "FLOW-00242", "timestamp": "2024-11-16T00:06:14.000Z", "src_ip": "44.147.132.254", "src_port": 44699, "dst_ip": "10.0.1.238", "dst_port": 25, "protocol": "TCP", "bytes_in": 805169, "bytes_out": 433845, "packets_in": 9047, "packets_out": 8335, "duration_ms": 88528, "direction": "inbound", "action": "alerted", "geo": { "country": "PL", "city": "Paris" } }, { "flow_id": "FLOW-00243", "timestamp": "2024-11-16T00:12:18.000Z", "src_ip": "10.0.10.3", "src_port": 62746, "dst_ip": "211.13.189.53", "dst_port": 9001, "protocol": "UDP", "bytes_in": 3731523, "bytes_out": 1092457, "packets_in": 2068, "packets_out": 7436, "duration_ms": 154635, "direction": "inbound", "action": "alerted", "geo": { "country": "DE", "city": "London" } }, { "flow_id": "FLOW-00244", "timestamp": "2024-11-16T00:18:22.000Z", "src_ip": "10.0.100.69", "src_port": 53691, "dst_ip": "36.142.59.248", "dst_port": 443, "protocol": "ICMP", "bytes_in": 1866040, "bytes_out": 1525451, "packets_in": 1219, "packets_out": 5360, "duration_ms": 82171, "direction": "lateral", "action": "blocked", "geo": { "country": "CN", "city": "London" } }, { "flow_id": "FLOW-00245", "timestamp": "2024-11-16T00:24:06.000Z", "src_ip": "10.0.1.182", "src_port": 62127, "dst_ip": "10.0.0.112", "dst_port": 1337, "protocol": "UDP", "bytes_in": 1597243, "bytes_out": 1764672, "packets_in": 9146, "packets_out": 584, "duration_ms": 4179, "direction": "inbound", "action": "allowed", "geo": { "country": "BR", "city": "Amsterdam" } }, { "flow_id": "FLOW-00246", "timestamp": "2024-11-16T00:30:11.000Z", "src_ip": "10.0.10.174", "src_port": 49098, "dst_ip": "121.77.248.209", "dst_port": 4444, "protocol": "UDP", "bytes_in": 1105614, "bytes_out": 416501, "packets_in": 1454, "packets_out": 8460, "duration_ms": 112297, "direction": "inbound", "action": "blocked", "geo": { "country": "DE", "city": "London" } }, { "flow_id": "FLOW-00247", "timestamp": "2024-11-16T00:36:37.000Z", "src_ip": "10.0.10.183", "src_port": 16406, "dst_ip": "108.134.194.162", "dst_port": 3389, "protocol": "UDP", "bytes_in": 4449894, "bytes_out": 1377769, "packets_in": 2951, "packets_out": 4917, "duration_ms": 121579, "direction": "outbound", "action": "alerted", "geo": { "country": "GB", "city": "London" } }, { "flow_id": "FLOW-00248", "timestamp": "2024-11-16T00:42:07.000Z", "src_ip": "10.0.50.155", "src_port": 64129, "dst_ip": "124.151.49.57", "dst_port": 25, "protocol": "UDP", "bytes_in": 3751222, "bytes_out": 682471, "packets_in": 4054, "packets_out": 6961, "duration_ms": 60723, "direction": "inbound", "action": "blocked", "geo": { "country": "UA", "city": "Berlin" } }, { "flow_id": "FLOW-00249", "timestamp": "2024-11-16T00:48:26.000Z", "src_ip": "102.65.247.216", "src_port": 46061, "dst_ip": "10.0.100.155", "dst_port": 22, "protocol": "TCP", "bytes_in": 2440563, "bytes_out": 561941, "packets_in": 8315, "packets_out": 3525, "duration_ms": 214437, "direction": "inbound", "action": "alerted", "geo": { "country": "UA", "city": "Beijing" } }, { "flow_id": "FLOW-00250", "timestamp": "2024-11-16T00:54:16.000Z", "src_ip": "10.0.50.102", "src_port": 60816, "dst_ip": "10.0.50.104", "dst_port": 80, "protocol": "UDP", "bytes_in": 4072778, "bytes_out": 1527182, "packets_in": 3588, "packets_out": 5568, "duration_ms": 23923, "direction": "outbound", "action": "blocked", "geo": { "country": "NL", "city": "Moscow" } } ], "vulnerabilities": [ { "vuln_id": "VULN-0001", "hostname": "WS-001", "ip": "10.0.1.244", "cve": "CVE-2022-26134", "cvss_score": 4.4, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-26134 on WS-001", "port": 443, "service": "rdp", "patched": true, "first_seen": "2024-08-29T00:00:34.000Z", "plugin_id": 12610 }, { "vuln_id": "VULN-0002", "hostname": "WS-001", "ip": "10.0.1.201", "cve": "CVE-2021-44228", "cvss_score": 8.6, "severity": "HIGH", "title": "Vulnerability CVE-2021-44228 on WS-001", "port": 445, "service": "iis", "patched": false, "first_seen": "2024-09-05T00:00:04.000Z", "plugin_id": 95843 }, { "vuln_id": "VULN-0003", "hostname": "WS-001", "ip": "10.0.30.139", "cve": "CVE-2021-44228", "cvss_score": 6.6, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-44228 on WS-001", "port": 80, "service": "apache", "patched": false, "first_seen": "2024-09-25T00:00:55.000Z", "plugin_id": 40059 }, { "vuln_id": "VULN-0004", "hostname": "WS-002", "ip": "10.0.30.107", "cve": "CVE-2020-1472", "cvss_score": 9.4, "severity": "CRITICAL", "title": "Vulnerability CVE-2020-1472 on WS-002", "port": 80, "service": "rdp", "patched": false, "first_seen": "2024-11-13T00:00:02.000Z", "plugin_id": 12625 }, { "vuln_id": "VULN-0005", "hostname": "WS-002", "ip": "10.0.50.204", "cve": "CVE-2022-26134", "cvss_score": 3.7, "severity": "LOW", "title": "Vulnerability CVE-2022-26134 on WS-002", "port": 139, "service": "openssh", "patched": true, "first_seen": "2024-10-07T00:00:01.000Z", "plugin_id": 40147 }, { "vuln_id": "VULN-0006", "hostname": "WS-002", "ip": "10.0.1.210", "cve": "CVE-2019-0708", "cvss_score": 3.2, "severity": "LOW", "title": "Vulnerability CVE-2019-0708 on WS-002", "port": 3389, "service": "smb", "patched": false, "first_seen": "2024-10-29T00:00:52.000Z", "plugin_id": 45389 }, { "vuln_id": "VULN-0007", "hostname": "WS-002", "ip": "10.0.50.7", "cve": "CVE-2021-34527", "cvss_score": 3.5, "severity": "LOW", "title": "Vulnerability CVE-2021-34527 on WS-002", "port": 22, "service": "exchange", "patched": false, "first_seen": "2024-08-29T00:00:58.000Z", "plugin_id": 29902 }, { "vuln_id": "VULN-0008", "hostname": "WS-002", "ip": "10.0.50.51", "cve": "CVE-2021-34527", "cvss_score": 8.2, "severity": "HIGH", "title": "Vulnerability CVE-2021-34527 on WS-002", "port": 3389, "service": "rdp", "patched": false, "first_seen": "2024-10-04T00:00:27.000Z", "plugin_id": 77155 }, { "vuln_id": "VULN-0009", "hostname": "WS-003", "ip": "10.0.10.27", "cve": "CVE-2022-30190", "cvss_score": 4.9, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-30190 on WS-003", "port": 135, "service": "exchange", "patched": false, "first_seen": "2024-09-27T00:00:18.000Z", "plugin_id": 66299 }, { "vuln_id": "VULN-0010", "hostname": "WS-004", "ip": "10.0.20.125", "cve": "CVE-2019-0708", "cvss_score": 9.8, "severity": "CRITICAL", "title": "Vulnerability CVE-2019-0708 on WS-004", "port": 135, "service": "exchange", "patched": false, "first_seen": "2024-10-14T00:00:24.000Z", "plugin_id": 12256 }, { "vuln_id": "VULN-0011", "hostname": "WS-004", "ip": "10.0.30.197", "cve": "CVE-2021-26855", "cvss_score": 8.1, "severity": "HIGH", "title": "Vulnerability CVE-2021-26855 on WS-004", "port": 443, "service": "exchange", "patched": true, "first_seen": "2024-10-17T00:00:36.000Z", "plugin_id": 13262 }, { "vuln_id": "VULN-0012", "hostname": "WS-005", "ip": "10.0.100.146", "cve": "CVE-2019-0708", "cvss_score": 6.1, "severity": "MEDIUM", "title": "Vulnerability CVE-2019-0708 on WS-005", "port": 22, "service": "exchange", "patched": true, "first_seen": "2024-10-27T00:00:51.000Z", "plugin_id": 92564 }, { "vuln_id": "VULN-0013", "hostname": "WS-005", "ip": "10.0.2.55", "cve": "CVE-2021-34527", "cvss_score": 3.7, "severity": "LOW", "title": "Vulnerability CVE-2021-34527 on WS-005", "port": 3389, "service": "smb", "patched": false, "first_seen": "2024-11-04T00:00:09.000Z", "plugin_id": 62847 }, { "vuln_id": "VULN-0014", "hostname": "WS-005", "ip": "10.0.10.17", "cve": "CVE-2021-26855", "cvss_score": 6.7, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-26855 on WS-005", "port": 3389, "service": "smb", "patched": true, "first_seen": "2024-10-06T00:00:47.000Z", "plugin_id": 54285 }, { "vuln_id": "VULN-0015", "hostname": "WS-005", "ip": "10.0.50.225", "cve": "CVE-2020-1472", "cvss_score": 3.3, "severity": "LOW", "title": "Vulnerability CVE-2020-1472 on WS-005", "port": 22, "service": "iis", "patched": false, "first_seen": "2024-09-04T00:00:50.000Z", "plugin_id": 74058 }, { "vuln_id": "VULN-0016", "hostname": "WS-005", "ip": "10.0.10.84", "cve": "CVE-2022-26134", "cvss_score": 6.5, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-26134 on WS-005", "port": 139, "service": "exchange", "patched": false, "first_seen": "2024-09-04T00:00:54.000Z", "plugin_id": 20673 }, { "vuln_id": "VULN-0017", "hostname": "WS-005", "ip": "10.0.1.98", "cve": "CVE-2021-34527", "cvss_score": 6.0, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-34527 on WS-005", "port": 80, "service": "vcenter", "patched": true, "first_seen": "2024-09-09T00:00:47.000Z", "plugin_id": 25922 }, { "vuln_id": "VULN-0018", "hostname": "WS-005", "ip": "10.0.1.11", "cve": "CVE-2020-1472", "cvss_score": 4.4, "severity": "MEDIUM", "title": "Vulnerability CVE-2020-1472 on WS-005", "port": 139, "service": "smb", "patched": true, "first_seen": "2024-09-08T00:00:31.000Z", "plugin_id": 28332 }, { "vuln_id": "VULN-0019", "hostname": "WS-006", "ip": "10.0.1.113", "cve": "CVE-2017-0144", "cvss_score": 3.1, "severity": "LOW", "title": "Vulnerability CVE-2017-0144 on WS-006", "port": 135, "service": "exchange", "patched": false, "first_seen": "2024-08-20T00:00:17.000Z", "plugin_id": 78482 }, { "vuln_id": "VULN-0020", "hostname": "WS-006", "ip": "10.0.30.146", "cve": "CVE-2023-23397", "cvss_score": 7.3, "severity": "HIGH", "title": "Vulnerability CVE-2023-23397 on WS-006", "port": 445, "service": "apache", "patched": true, "first_seen": "2024-09-09T00:00:43.000Z", "plugin_id": 36799 }, { "vuln_id": "VULN-0021", "hostname": "WS-006", "ip": "10.0.20.122", "cve": "CVE-2023-23397", "cvss_score": 6.6, "severity": "MEDIUM", "title": "Vulnerability CVE-2023-23397 on WS-006", "port": 139, "service": "apache", "patched": false, "first_seen": "2024-10-28T00:00:10.000Z", "plugin_id": 78731 }, { "vuln_id": "VULN-0022", "hostname": "WS-006", "ip": "10.0.50.47", "cve": "CVE-2021-26855", "cvss_score": 3.1, "severity": "LOW", "title": "Vulnerability CVE-2021-26855 on WS-006", "port": 80, "service": "smb", "patched": true, "first_seen": "2024-11-14T00:00:19.000Z", "plugin_id": 34598 }, { "vuln_id": "VULN-0023", "hostname": "WS-006", "ip": "10.0.100.86", "cve": "CVE-2019-0708", "cvss_score": 7.9, "severity": "HIGH", "title": "Vulnerability CVE-2019-0708 on WS-006", "port": 22, "service": "openssh", "patched": false, "first_seen": "2024-08-30T00:00:10.000Z", "plugin_id": 18751 }, { "vuln_id": "VULN-0024", "hostname": "WS-006", "ip": "10.0.10.90", "cve": "CVE-2023-23397", "cvss_score": 7.5, "severity": "HIGH", "title": "Vulnerability CVE-2023-23397 on WS-006", "port": 445, "service": "openssh", "patched": false, "first_seen": "2024-10-10T00:00:18.000Z", "plugin_id": 65858 }, { "vuln_id": "VULN-0025", "hostname": "WS-006", "ip": "10.0.50.241", "cve": "CVE-2022-30190", "cvss_score": 5.6, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-30190 on WS-006", "port": 135, "service": "rdp", "patched": false, "first_seen": "2024-08-22T00:00:12.000Z", "plugin_id": 20154 }, { "vuln_id": "VULN-0026", "hostname": "WS-007", "ip": "10.0.20.47", "cve": "CVE-2021-34527", "cvss_score": 8.1, "severity": "HIGH", "title": "Vulnerability CVE-2021-34527 on WS-007", "port": 135, "service": "rdp", "patched": true, "first_seen": "2024-09-09T00:00:37.000Z", "plugin_id": 94519 }, { "vuln_id": "VULN-0027", "hostname": "WS-007", "ip": "10.0.20.249", "cve": "CVE-2017-0144", "cvss_score": 5.3, "severity": "MEDIUM", "title": "Vulnerability CVE-2017-0144 on WS-007", "port": 3389, "service": "exchange", "patched": false, "first_seen": "2024-08-21T00:00:58.000Z", "plugin_id": 72050 }, { "vuln_id": "VULN-0028", "hostname": "WS-007", "ip": "10.0.10.57", "cve": "CVE-2019-0708", "cvss_score": 4.2, "severity": "MEDIUM", "title": "Vulnerability CVE-2019-0708 on WS-007", "port": 22, "service": "vcenter", "patched": false, "first_seen": "2024-10-27T00:00:10.000Z", "plugin_id": 72320 }, { "vuln_id": "VULN-0029", "hostname": "WS-008", "ip": "10.0.0.37", "cve": "CVE-2023-23397", "cvss_score": 3.5, "severity": "LOW", "title": "Vulnerability CVE-2023-23397 on WS-008", "port": 443, "service": "vcenter", "patched": false, "first_seen": "2024-08-21T00:00:30.000Z", "plugin_id": 52872 }, { "vuln_id": "VULN-0030", "hostname": "WS-009", "ip": "10.0.10.145", "cve": "CVE-2022-26134", "cvss_score": 8.3, "severity": "HIGH", "title": "Vulnerability CVE-2022-26134 on WS-009", "port": 139, "service": "smb", "patched": false, "first_seen": "2024-09-15T00:00:22.000Z", "plugin_id": 50863 }, { "vuln_id": "VULN-0031", "hostname": "WS-009", "ip": "10.0.1.228", "cve": "CVE-2022-26134", "cvss_score": 5.2, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-26134 on WS-009", "port": 443, "service": "vcenter", "patched": true, "first_seen": "2024-10-24T00:00:40.000Z", "plugin_id": 46403 }, { "vuln_id": "VULN-0032", "hostname": "WS-009", "ip": "10.0.100.127", "cve": "CVE-2020-1472", "cvss_score": 8.9, "severity": "HIGH", "title": "Vulnerability CVE-2020-1472 on WS-009", "port": 445, "service": "vcenter", "patched": true, "first_seen": "2024-10-30T00:00:35.000Z", "plugin_id": 67070 }, { "vuln_id": "VULN-0033", "hostname": "WS-009", "ip": "10.0.30.220", "cve": "CVE-2023-23397", "cvss_score": 4.2, "severity": "MEDIUM", "title": "Vulnerability CVE-2023-23397 on WS-009", "port": 139, "service": "vcenter", "patched": false, "first_seen": "2024-09-21T00:00:13.000Z", "plugin_id": 90868 }, { "vuln_id": "VULN-0034", "hostname": "WS-009", "ip": "10.0.10.99", "cve": "CVE-2022-26134", "cvss_score": 9.1, "severity": "CRITICAL", "title": "Vulnerability CVE-2022-26134 on WS-009", "port": 135, "service": "apache", "patched": false, "first_seen": "2024-11-13T00:00:12.000Z", "plugin_id": 67944 }, { "vuln_id": "VULN-0035", "hostname": "WS-010", "ip": "10.0.20.86", "cve": "CVE-2022-26134", "cvss_score": 4.4, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-26134 on WS-010", "port": 22, "service": "iis", "patched": false, "first_seen": "2024-09-11T00:00:58.000Z", "plugin_id": 11703 }, { "vuln_id": "VULN-0036", "hostname": "WS-010", "ip": "10.0.20.166", "cve": "CVE-2022-30190", "cvss_score": 3.2, "severity": "LOW", "title": "Vulnerability CVE-2022-30190 on WS-010", "port": 139, "service": "smb", "patched": true, "first_seen": "2024-08-17T00:00:45.000Z", "plugin_id": 43166 }, { "vuln_id": "VULN-0037", "hostname": "WS-010", "ip": "10.0.0.222", "cve": "CVE-2022-30190", "cvss_score": 7.4, "severity": "HIGH", "title": "Vulnerability CVE-2022-30190 on WS-010", "port": 445, "service": "smb", "patched": false, "first_seen": "2024-08-26T00:00:29.000Z", "plugin_id": 74264 }, { "vuln_id": "VULN-0038", "hostname": "WS-010", "ip": "10.0.1.11", "cve": "CVE-2020-1472", "cvss_score": 6.3, "severity": "MEDIUM", "title": "Vulnerability CVE-2020-1472 on WS-010", "port": 135, "service": "openssh", "patched": false, "first_seen": "2024-10-26T00:00:45.000Z", "plugin_id": 33187 }, { "vuln_id": "VULN-0039", "hostname": "WS-010", "ip": "10.0.1.16", "cve": "CVE-2020-1472", "cvss_score": 3.6, "severity": "LOW", "title": "Vulnerability CVE-2020-1472 on WS-010", "port": 139, "service": "exchange", "patched": false, "first_seen": "2024-10-05T00:00:06.000Z", "plugin_id": 81314 }, { "vuln_id": "VULN-0040", "hostname": "WS-010", "ip": "10.0.10.169", "cve": "CVE-2022-30190", "cvss_score": 9.9, "severity": "CRITICAL", "title": "Vulnerability CVE-2022-30190 on WS-010", "port": 443, "service": "exchange", "patched": true, "first_seen": "2024-08-20T00:00:54.000Z", "plugin_id": 51481 }, { "vuln_id": "VULN-0041", "hostname": "WS-011", "ip": "10.0.50.108", "cve": "CVE-2023-23397", "cvss_score": 6.6, "severity": "MEDIUM", "title": "Vulnerability CVE-2023-23397 on WS-011", "port": 3389, "service": "exchange", "patched": false, "first_seen": "2024-11-06T00:00:12.000Z", "plugin_id": 75735 }, { "vuln_id": "VULN-0042", "hostname": "WS-011", "ip": "10.0.1.46", "cve": "CVE-2020-1472", "cvss_score": 8.1, "severity": "HIGH", "title": "Vulnerability CVE-2020-1472 on WS-011", "port": 139, "service": "openssh", "patched": true, "first_seen": "2024-10-20T00:00:44.000Z", "plugin_id": 76252 }, { "vuln_id": "VULN-0043", "hostname": "WS-011", "ip": "10.0.0.81", "cve": "CVE-2017-0144", "cvss_score": 4.2, "severity": "MEDIUM", "title": "Vulnerability CVE-2017-0144 on WS-011", "port": 135, "service": "rdp", "patched": false, "first_seen": "2024-10-02T00:00:29.000Z", "plugin_id": 84471 }, { "vuln_id": "VULN-0044", "hostname": "WS-012", "ip": "10.0.1.48", "cve": "CVE-2021-26855", "cvss_score": 3.6, "severity": "LOW", "title": "Vulnerability CVE-2021-26855 on WS-012", "port": 445, "service": "openssh", "patched": true, "first_seen": "2024-08-31T00:00:40.000Z", "plugin_id": 12635 }, { "vuln_id": "VULN-0045", "hostname": "WS-012", "ip": "10.0.10.165", "cve": "CVE-2020-1472", "cvss_score": 8.5, "severity": "HIGH", "title": "Vulnerability CVE-2020-1472 on WS-012", "port": 135, "service": "smb", "patched": true, "first_seen": "2024-10-14T00:00:19.000Z", "plugin_id": 99245 }, { "vuln_id": "VULN-0046", "hostname": "WS-013", "ip": "10.0.50.182", "cve": "CVE-2020-1472", "cvss_score": 5.2, "severity": "MEDIUM", "title": "Vulnerability CVE-2020-1472 on WS-013", "port": 135, "service": "apache", "patched": true, "first_seen": "2024-09-03T00:00:20.000Z", "plugin_id": 64261 }, { "vuln_id": "VULN-0047", "hostname": "WS-013", "ip": "10.0.20.228", "cve": "CVE-2019-0708", "cvss_score": 8.8, "severity": "HIGH", "title": "Vulnerability CVE-2019-0708 on WS-013", "port": 80, "service": "apache", "patched": false, "first_seen": "2024-10-12T00:00:44.000Z", "plugin_id": 67619 }, { "vuln_id": "VULN-0048", "hostname": "WS-013", "ip": "10.0.30.150", "cve": "CVE-2022-30190", "cvss_score": 3.6, "severity": "LOW", "title": "Vulnerability CVE-2022-30190 on WS-013", "port": 135, "service": "iis", "patched": false, "first_seen": "2024-09-09T00:00:28.000Z", "plugin_id": 92709 }, { "vuln_id": "VULN-0049", "hostname": "WS-013", "ip": "10.0.50.41", "cve": "CVE-2020-1472", "cvss_score": 3.3, "severity": "LOW", "title": "Vulnerability CVE-2020-1472 on WS-013", "port": 443, "service": "rdp", "patched": true, "first_seen": "2024-08-17T00:00:27.000Z", "plugin_id": 55471 }, { "vuln_id": "VULN-0050", "hostname": "WS-014", "ip": "10.0.20.25", "cve": "CVE-2019-0708", "cvss_score": 5.4, "severity": "MEDIUM", "title": "Vulnerability CVE-2019-0708 on WS-014", "port": 443, "service": "vcenter", "patched": true, "first_seen": "2024-10-18T00:00:29.000Z", "plugin_id": 44189 }, { "vuln_id": "VULN-0051", "hostname": "WS-014", "ip": "10.0.2.123", "cve": "CVE-2021-44228", "cvss_score": 9.5, "severity": "CRITICAL", "title": "Vulnerability CVE-2021-44228 on WS-014", "port": 80, "service": "smb", "patched": false, "first_seen": "2024-09-28T00:00:36.000Z", "plugin_id": 59533 }, { "vuln_id": "VULN-0052", "hostname": "WS-014", "ip": "10.0.1.163", "cve": "CVE-2021-44228", "cvss_score": 5.3, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-44228 on WS-014", "port": 135, "service": "vcenter", "patched": false, "first_seen": "2024-10-25T00:00:26.000Z", "plugin_id": 72324 }, { "vuln_id": "VULN-0053", "hostname": "WS-014", "ip": "10.0.1.49", "cve": "CVE-2023-23397", "cvss_score": 5.4, "severity": "MEDIUM", "title": "Vulnerability CVE-2023-23397 on WS-014", "port": 135, "service": "iis", "patched": true, "first_seen": "2024-09-06T00:00:11.000Z", "plugin_id": 12850 }, { "vuln_id": "VULN-0054", "hostname": "WS-014", "ip": "10.0.100.153", "cve": "CVE-2021-26855", "cvss_score": 8.7, "severity": "HIGH", "title": "Vulnerability CVE-2021-26855 on WS-014", "port": 443, "service": "exchange", "patched": false, "first_seen": "2024-09-24T00:00:30.000Z", "plugin_id": 41927 }, { "vuln_id": "VULN-0055", "hostname": "WS-015", "ip": "10.0.100.175", "cve": "CVE-2023-23397", "cvss_score": 7.2, "severity": "HIGH", "title": "Vulnerability CVE-2023-23397 on WS-015", "port": 139, "service": "iis", "patched": true, "first_seen": "2024-10-16T00:00:48.000Z", "plugin_id": 76448 }, { "vuln_id": "VULN-0056", "hostname": "WS-015", "ip": "10.0.20.246", "cve": "CVE-2021-34527", "cvss_score": 5.9, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-34527 on WS-015", "port": 443, "service": "smb", "patched": false, "first_seen": "2024-10-25T00:00:32.000Z", "plugin_id": 31808 }, { "vuln_id": "VULN-0057", "hostname": "WS-015", "ip": "10.0.10.245", "cve": "CVE-2022-30190", "cvss_score": 9.2, "severity": "CRITICAL", "title": "Vulnerability CVE-2022-30190 on WS-015", "port": 443, "service": "vcenter", "patched": true, "first_seen": "2024-08-22T00:00:21.000Z", "plugin_id": 17051 }, { "vuln_id": "VULN-0058", "hostname": "WS-015", "ip": "10.0.2.207", "cve": "CVE-2021-34527", "cvss_score": 5.2, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-34527 on WS-015", "port": 135, "service": "smb", "patched": false, "first_seen": "2024-09-17T00:00:00.000Z", "plugin_id": 96325 }, { "vuln_id": "VULN-0059", "hostname": "WS-015", "ip": "10.0.2.79", "cve": "CVE-2020-1472", "cvss_score": 4.4, "severity": "MEDIUM", "title": "Vulnerability CVE-2020-1472 on WS-015", "port": 135, "service": "openssh", "patched": true, "first_seen": "2024-10-19T00:00:27.000Z", "plugin_id": 21818 }, { "vuln_id": "VULN-0060", "hostname": "WS-016", "ip": "10.0.30.3", "cve": "CVE-2020-1472", "cvss_score": 7.8, "severity": "HIGH", "title": "Vulnerability CVE-2020-1472 on WS-016", "port": 139, "service": "apache", "patched": true, "first_seen": "2024-09-15T00:00:35.000Z", "plugin_id": 61648 }, { "vuln_id": "VULN-0061", "hostname": "WS-016", "ip": "10.0.50.214", "cve": "CVE-2019-0708", "cvss_score": 9.4, "severity": "CRITICAL", "title": "Vulnerability CVE-2019-0708 on WS-016", "port": 139, "service": "exchange", "patched": true, "first_seen": "2024-11-02T00:00:24.000Z", "plugin_id": 26843 }, { "vuln_id": "VULN-0062", "hostname": "WS-016", "ip": "10.0.2.104", "cve": "CVE-2023-23397", "cvss_score": 8.3, "severity": "HIGH", "title": "Vulnerability CVE-2023-23397 on WS-016", "port": 3389, "service": "iis", "patched": false, "first_seen": "2024-08-20T00:00:46.000Z", "plugin_id": 65652 }, { "vuln_id": "VULN-0063", "hostname": "WS-016", "ip": "10.0.30.127", "cve": "CVE-2017-0144", "cvss_score": 6.7, "severity": "MEDIUM", "title": "Vulnerability CVE-2017-0144 on WS-016", "port": 445, "service": "exchange", "patched": false, "first_seen": "2024-11-11T00:00:14.000Z", "plugin_id": 89760 }, { "vuln_id": "VULN-0064", "hostname": "WS-017", "ip": "10.0.30.130", "cve": "CVE-2019-0708", "cvss_score": 5.6, "severity": "MEDIUM", "title": "Vulnerability CVE-2019-0708 on WS-017", "port": 3389, "service": "openssh", "patched": false, "first_seen": "2024-09-25T00:00:58.000Z", "plugin_id": 20127 }, { "vuln_id": "VULN-0065", "hostname": "WS-017", "ip": "10.0.10.13", "cve": "CVE-2019-0708", "cvss_score": 4.0, "severity": "MEDIUM", "title": "Vulnerability CVE-2019-0708 on WS-017", "port": 80, "service": "iis", "patched": false, "first_seen": "2024-10-02T00:00:24.000Z", "plugin_id": 95726 }, { "vuln_id": "VULN-0066", "hostname": "WS-017", "ip": "10.0.20.81", "cve": "CVE-2020-1472", "cvss_score": 6.0, "severity": "MEDIUM", "title": "Vulnerability CVE-2020-1472 on WS-017", "port": 139, "service": "exchange", "patched": false, "first_seen": "2024-11-10T00:00:16.000Z", "plugin_id": 65277 }, { "vuln_id": "VULN-0067", "hostname": "WS-018", "ip": "10.0.1.121", "cve": "CVE-2020-1472", "cvss_score": 5.8, "severity": "MEDIUM", "title": "Vulnerability CVE-2020-1472 on WS-018", "port": 3389, "service": "openssh", "patched": true, "first_seen": "2024-11-02T00:00:41.000Z", "plugin_id": 63015 }, { "vuln_id": "VULN-0068", "hostname": "WS-018", "ip": "10.0.2.149", "cve": "CVE-2021-44228", "cvss_score": 4.1, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-44228 on WS-018", "port": 443, "service": "smb", "patched": false, "first_seen": "2024-11-13T00:00:31.000Z", "plugin_id": 95697 }, { "vuln_id": "VULN-0069", "hostname": "WS-018", "ip": "10.0.0.79", "cve": "CVE-2017-0144", "cvss_score": 6.0, "severity": "MEDIUM", "title": "Vulnerability CVE-2017-0144 on WS-018", "port": 139, "service": "iis", "patched": false, "first_seen": "2024-10-31T00:00:38.000Z", "plugin_id": 69017 }, { "vuln_id": "VULN-0070", "hostname": "WS-019", "ip": "10.0.30.30", "cve": "CVE-2021-26855", "cvss_score": 8.0, "severity": "HIGH", "title": "Vulnerability CVE-2021-26855 on WS-019", "port": 3389, "service": "apache", "patched": false, "first_seen": "2024-09-07T00:00:48.000Z", "plugin_id": 60262 }, { "vuln_id": "VULN-0071", "hostname": "WS-019", "ip": "10.0.30.244", "cve": "CVE-2021-34527", "cvss_score": 4.1, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-34527 on WS-019", "port": 445, "service": "rdp", "patched": true, "first_seen": "2024-09-10T00:00:52.000Z", "plugin_id": 90546 }, { "vuln_id": "VULN-0072", "hostname": "WS-019", "ip": "10.0.100.74", "cve": "CVE-2021-26855", "cvss_score": 6.0, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-26855 on WS-019", "port": 22, "service": "openssh", "patched": false, "first_seen": "2024-09-17T00:00:23.000Z", "plugin_id": 16563 }, { "vuln_id": "VULN-0073", "hostname": "WS-019", "ip": "10.0.30.174", "cve": "CVE-2023-23397", "cvss_score": 4.8, "severity": "MEDIUM", "title": "Vulnerability CVE-2023-23397 on WS-019", "port": 135, "service": "vcenter", "patched": false, "first_seen": "2024-09-06T00:00:17.000Z", "plugin_id": 33426 }, { "vuln_id": "VULN-0074", "hostname": "WS-019", "ip": "10.0.0.116", "cve": "CVE-2022-30190", "cvss_score": 5.5, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-30190 on WS-019", "port": 135, "service": "iis", "patched": false, "first_seen": "2024-08-30T00:00:07.000Z", "plugin_id": 56824 }, { "vuln_id": "VULN-0075", "hostname": "WS-019", "ip": "10.0.50.65", "cve": "CVE-2021-44228", "cvss_score": 6.7, "severity": "MEDIUM", "title": "Vulnerability CVE-2021-44228 on WS-019", "port": 80, "service": "openssh", "patched": false, "first_seen": "2024-10-29T00:00:46.000Z", "plugin_id": 28958 }, { "vuln_id": "VULN-0076", "hostname": "WS-020", "ip": "10.0.30.250", "cve": "CVE-2017-0144", "cvss_score": 9.2, "severity": "CRITICAL", "title": "Vulnerability CVE-2017-0144 on WS-020", "port": 139, "service": "exchange", "patched": false, "first_seen": "2024-09-08T00:00:36.000Z", "plugin_id": 70085 }, { "vuln_id": "VULN-0077", "hostname": "WS-020", "ip": "10.0.30.11", "cve": "CVE-2021-44228", "cvss_score": 3.5, "severity": "LOW", "title": "Vulnerability CVE-2021-44228 on WS-020", "port": 80, "service": "rdp", "patched": false, "first_seen": "2024-08-25T00:00:51.000Z", "plugin_id": 23254 }, { "vuln_id": "VULN-0078", "hostname": "WS-020", "ip": "10.0.1.88", "cve": "CVE-2017-0144", "cvss_score": 6.6, "severity": "MEDIUM", "title": "Vulnerability CVE-2017-0144 on WS-020", "port": 445, "service": "exchange", "patched": true, "first_seen": "2024-09-24T00:00:01.000Z", "plugin_id": 34108 }, { "vuln_id": "VULN-0079", "hostname": "WS-020", "ip": "10.0.1.216", "cve": "CVE-2022-30190", "cvss_score": 8.1, "severity": "HIGH", "title": "Vulnerability CVE-2022-30190 on WS-020", "port": 139, "service": "openssh", "patched": false, "first_seen": "2024-09-02T00:00:16.000Z", "plugin_id": 49741 }, { "vuln_id": "VULN-0080", "hostname": "WS-020", "ip": "10.0.10.179", "cve": "CVE-2022-26134", "cvss_score": 6.8, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-26134 on WS-020", "port": 3389, "service": "openssh", "patched": false, "first_seen": "2024-09-15T00:00:13.000Z", "plugin_id": 67271 }, { "vuln_id": "VULN-0081", "hostname": "WS-020", "ip": "10.0.2.72", "cve": "CVE-2022-30190", "cvss_score": 8.2, "severity": "HIGH", "title": "Vulnerability CVE-2022-30190 on WS-020", "port": 443, "service": "exchange", "patched": true, "first_seen": "2024-09-24T00:00:58.000Z", "plugin_id": 33758 }, { "vuln_id": "VULN-0082", "hostname": "WS-020", "ip": "10.0.50.55", "cve": "CVE-2022-30190", "cvss_score": 4.9, "severity": "MEDIUM", "title": "Vulnerability CVE-2022-30190 on WS-020", "port": 22, "service": "vcenter", "patched": false, "first_seen": "2024-10-29T00:00:17.000Z", "plugin_id": 45003 }, { "vuln_id": "VULN-0083", "hostname": "WS-020", "ip": "10.0.30.26", "cve": "CVE-2021-26855", "cvss_score": 7.2, "severity": "HIGH", "title": "Vulnerability CVE-2021-26855 on WS-020", "port": 80, "service": "apache", "patched": true, "first_seen": "2024-10-04T00:00:14.000Z", "plugin_id": 18352 } ] }