{
  "src_ip": "10.7.5.101",
  "proto": "TCP",
  "type": "json-log",
  "ether": {
    "src_mac": "00:08:02:1c:47:ae",
    "dest_mac": "20:e5:2a:b6:93:f1"
  },
  "tenant": 63,
  "app_proto": "tls",
  "hostname_info": {
    "domain_without_tld": "osteoman",
    "domain": "osteoman.es",
    "tld": "es",
    "url": "osteoman.es",
    "host": "osteoman.es"
  },
  "dest_ip": "185.42.104.157",
  "@version": "1",
  "@timestamp": "2023-10-25T02:36:45.697Z",
  "flow_id": 1174285984307788,
  "tls": {
    "subject": "CN=www.osteoman.es",
    "ja3s": {
      "string": "771,49172,0-65281-11",
      "hash": "fb38aec9b9f7318383270c307f8f7773"
    },
    "cipher_suite": "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
    "notafter": "2019-10-02T19:54:05",
    "serial": "03:E7:CF:0F:AD:82:ED:5B:B8:D0:B4:47:1B:D6:33:42:E4:28",
    "sni": "osteoman.es",
    "issuerdn": "C=US, O=Let's Encrypt, CN=Let's Encrypt Authority X3",
    "fingerprint": "e0:70:55:25:e5:b2:68:36:67:12:07:f2:f1:ce:07:dc:4b:be:98:79",
    "notbefore": "2019-07-04T19:54:05",
    "version": "TLS 1.2",
    "ja3": {
      "agent": [
        "Tofsee  (from abuse.ch)"
      ],
      "hash": "4d7a28d6f2263ed61de88ca66eb011e3",
      "string": "771,60-47-61-53-5-10-49191-49171-49172-49195-49187-49196-49188-49161-49162-64-50-106-56-19-4,65281-0-10-11-13,23-24,0"
    },
    "ja4": {
      "hash": "t14d1310h3_8b80db21ef18_e69ac49eb88f",
      "agent": [
        "Chrome Version 60/61.0.3163, Google Chrome"
      ]
    },
    "alpn_ts": [
      "h2",
      "http/1.1"
    ],
    "alpn_tc": "h2",
    "cipher_security": "insecure"
  },
  "net_info": {
    "src": [
      "Accounting",
      "Site-A",
      "RemoteVPN",
      "Clients"
    ],
    "src_agg": "accounting.site-a.remotevpn.clients",
    "dest": [
      "Internet"
    ],
    "dest_agg": "internet"
  },
  "timestamp": "2023-10-25T04:36:45.697996+0200",
  "in_iface": "dummy0",
  "see_name": "stamus-central-server",
  "input": {
    "type": "log"
  },
  "host": "sn-probe-aws-2",
  "stamus_infrequent": true,
  "tags": [
    "beats_input_codec_json_applied"
  ],
  "alerted": true,
  "see_id": "0a570e66842a",
  "logger": "logstash-manager",
  "agent": {
    "id": "9f305fa4-6db1-485c-81f9-598dce1469e3",
    "ephemeral_id": "bc89d735-5790-413b-b14e-b67d6d0d8cb2",
    "type": "filebeat",
    "name": "sn-probe-aws-2",
    "version": "7.17.10",
    "hostname": "sn-probe-aws-2"
  },
  "metadata": {
    "flowbits": [
      "stamus.sightings"
    ]
  },
  "src_port": 49307,
  "dest_port": 443,
  "log": {
    "offset": 2099643140,
    "file": {
      "path": "/var/log/suricata/eve-0.json"
    }
  },
  "event_type": "tls"
}