{ "_index": "logstash-smb-2022.09.11", "_type": "_doc", "_id": "BQCwLYMBfTCdXV7aTgf3", "_version": 1, "_score": null, "_source": { "input": { "type": "log" }, "proto": "TCP", "log": { "offset": 836054619, "file": { "path": "/var/log/suricata/eve-0.json" } }, "src_port": 53938, "see_id": "2e2cf4a77cbd", "src_ip": "10.6.2.101", "net_info": { "src": [ "USER.dctdz.org", "AFFECTED USERS" ], "src_agg": "user.dctdz.org.affected-users" }, "@version": "1", "@timestamp": "2022-09-11T17:53:20.353Z", "ether": {}, "host": "SSProbe-1", "ecs": { "version": "1.12.0" }, "dest_port": 445, "type": "json-log", "tags": [ "beats_input_codec_json_applied" ], "tx_id": 3, "timestamp": "2022-09-11T19:53:20.353087+0200", "see_name": "stamus-central-server", "dest_ip": "10.6.2.6", "event_type": "smb", "smb": { "status_code": "0xc000006d", "tree_id": 0, "id": 4, "command": "SMB2_COMMAND_SESSION_SETUP", "session_id": 219902392664121, "ntlmssp": { "user": "Administrator", "domain": "", "host": "DESKTOP-ZP6KXJ7" }, "ext_status": { "text": "STATUS_LOGON_FAILURE", "customer": 0, "facility": "UNDEFINED", "severity": "ERROR", "short_code": "0x6d" }, "dialect": "2.10", "status": "STATUS_LOGON_FAILURE" }, "agent": { "version": "7.16.1", "hostname": "SSProbe-1", "id": "9f305fa4-6db1-485c-81f9-598dce1469e3", "type": "filebeat", "ephemeral_id": "da6efa0f-f749-4bb3-8918-c3514cb604ff", "name": "SSProbe-1" }, "in_iface": "tppdummy0", "flow_id": 1021573274121636 }, "fields": { "@timestamp": [ "2022-09-11T17:53:20.353Z" ], "EveBox": [ 1021573274121636 ], "timestamp": [ "2022-09-11T17:53:20.353Z" ] }, "highlight": { "smb.status.keyword": [ "@kibana-highlighted-field@STATUS_LOGON_FAILURE@/kibana-highlighted-field@" ] }, "sort": [ 1662918800353 ] }