{ "_index": "logstash-alert-2022.09.13", "_type": "_doc", "_id": "wUieNoMBfTCdXV7anxGq", "_version": 1, "_score": null, "_source": { "see_name": "stamus-central-server", "stream": 0, "payload_printable": ".............beetfeetlife.bit.....", "alert": { "action": "allowed", "signature": "ET INFO DNS Query Domain .bit", "rev": 5, "signature_id": 2017645, "category": "Potentially Bad Traffic", "gid": 1, "severity": 2, "metadata": { "updated_at": [ "2020_09_15" ], "created_at": [ "2013_10_30" ] } }, "payload": "6LgBAAABAAAAAAAADGJlZXRmZWV0bGlmZQNiaXQAAAEAAQ==", "sig": { "updated": "2020-09-15", "created": "2013-10-30", "source": "ETPRO-v2" }, "src_port": 49861, "type": "json-log", "packet": "HBfT+Eq7AAgCHEeuCABFAAA+D4MAAIARWq4KARBlwEf10MLFADUAKh2S6LgBAAABAAAAAAAADGJlZXRmZWV0bGlmZQNiaXQAAAEAAQ==", "hostname_info": { "tld": "bit", "domain_without_tld": "beetfeetlife", "host": "beetfeetlife.bit", "domain": "beetfeetlife.bit", "url": "beetfeetlife.bit" }, "agent": { "id": "9f305fa4-6db1-485c-81f9-598dce1469e3", "version": "7.16.1", "name": "SSProbe-1", "hostname": "SSProbe-1", "ephemeral_id": "50e455b7-c932-4cf1-a630-0675035aba08", "type": "filebeat" }, "event_type": "alert", "src_ip": "10.1.16.101", "in_iface": "tppdummy0", "proto": "UDP", "tags": [ "beats_input_codec_json_applied" ], "host": "SSProbe-1", "input": { "type": "log" }, "timestamp": "2022-09-13T13:31:52.304930+0200", "flow_id": 183767460827266, "app_proto": "dns", "@timestamp": "2022-09-13T11:31:52.304Z", "ecs": { "version": "1.12.0" }, "ether": { "src_mac": "00:08:02:1c:47:ae", "dest_mac": "1c:17:d3:f8:4a:bb" }, "packet_info": { "linktype": 1 }, "see_id": "2e2cf4a77cbd", "dns": { "query": [ { "type": "query", "id": 59576, "rrname": "beetfeetlife.bit", "rrtype": "A", "tx_id": 0 } ] }, "alerted": true, "dest_ip": "192.71.245.208", "geoip": { "location": { "lat": 45.53, "lon": 9.278 }, "latitude": 45.53, "country_name": "Italy", "city_name": "Cologno Monzese", "country": { "name": "Italy", "iso_code": "IT", "is_in_european_union": true, "geoname_id": 3175395 }, "continent_code": "EU", "subdivisions": [ { "name": "Lombardy", "iso_code": "25", "geoname_id": 3174618 }, { "name": "Milan", "iso_code": "MI", "geoname_id": 3173434 } ], "coordinate": [ 9.278, 45.53 ], "country_code2": "IT", "city": { "name": "Cologno Monzese", "geoname_id": 3178283 }, "ip": "192.71.245.208", "provider": { "autonomous_system_organization": "Prometeus di Daniela Agro", "autonomous_system_number": 34971 }, "timezone": "Europe/Rome", "registered_country": { "name": "Italy", "iso_code": "IT", "is_in_european_union": true, "geoname_id": 3175395 }, "longitude": 9.278, "postal": { "code": "20093" }, "continent": { "name": "Europe", "code": "EU", "geoname_id": 6255148 }, "country_code3": "IT" }, "flow": { "bytes_toclient": 0, "pkts_toserver": 1, "pkts_toclient": 0, "src_port": 49861, "bytes_toserver": 76, "start": "2022-09-13T13:31:52.304930+0200", "dest_ip": "192.71.245.208", "dest_port": 53, "src_ip": "10.1.16.101" }, "@version": "1", "log": { "file": { "path": "/var/log/suricata/eve-alert.json" }, "offset": 189122108 }, "dest_port": 53, "tx_id": 0, "net_info": { "src_agg": "user.touye.org.affected-users", "src": [ "USER.touye.org", "AFFECTED USERS" ] } }, "fields": { "flow.start": [ "2022-09-13T11:31:52.304Z" ], "@timestamp": [ "2022-09-13T11:31:52.304Z" ], "sig.created": [ "2013-10-30T00:00:00.000Z" ], "EveBox": [ 183767460827266 ], "Scirius": [ 2017645 ], "sig.updated": [ "2020-09-15T00:00:00.000Z" ], "timestamp": [ "2022-09-13T11:31:52.304Z" ] }, "highlight": { "app_proto.keyword": [ "@kibana-highlighted-field@dns@/kibana-highlighted-field@" ] }, "sort": [ 1663068712304 ] }