{ "_index": "logstash-fileinfo-2023.11.13", "_type": "_doc", "_id": "Cl7Qx4sBmjVXQHqtsacM", "_version": 1, "_score": 1, "_source": { "logger": "logstash-manager", "tenant": 9, "fileinfo": { "type": "PNG image data", "gaps": false, "sid": [], "stored": false, "filename": "screenshot2_BREAUX-WIN7-PC.jpeg", "tx_id": 0, "state": "TRUNCATED", "mimetype": "image/png", "magic": "PNG image data, 1440 x 900, 8-bit/color RGBA, non-interlaced", "size": 1048280 }, "input": { "type": "log" }, "proto": "TCP", "agent": { "ephemeral_id": "f52d24b5-59cf-42fb-9aeb-cde609212624", "id": "9f305fa4-6db1-485c-81f9-598dce1469e3", "hostname": "discord-probe", "name": "discord-probe", "version": "7.17.10", "type": "filebeat" }, "timestamp": "2023-11-13T09:36:07.926783+0100", "net_info": { "dest_agg": "internet", "src_agg": "private-class-a.internet", "src": [ "Private class A", "Internet" ], "dest": [ "Internet" ] }, "tags": [ "beats_input_codec_json_applied" ], "log": { "offset": 1947701741, "file": { "path": "/var/log/suricata/eve-0.json" } }, "ether": { "dest_mac": "20:e5:2a:b6:93:f1", "src_mac": "84:8f:69:09:86:c0" }, "flow_id": 2031610361435835, "src_ip": "10.0.0.227", "host": "discord-probe", "see_name": "STS-500-QALAB-SSP", "event_type": "fileinfo", "alerted": true, "type": "json-log", "dest_ip": "145.14.145.99", "dest_port": 35396, "@version": "1", "in_iface": "tppdummy0", "parent_id": 2018400277376940, "@timestamp": "2023-11-13T08:36:07.926Z", "src_port": 49215, "app_proto": "ftp-data", "see_id": "6c2b59a0d0f2", "metadata": { "flowbits": [ "ET.tcpraw.png" ] } }, "fields": { "agent.version.keyword": [ "7.17.10" ], "logger": [ "logstash-manager" ], "type": [ "json-log" ], "proto.raw": [ "TCP" ], "event_type": [ "fileinfo" ], "in_iface.raw": [ "tppdummy0" ], "agent.name": [ "discord-probe" ], "EveBox": [ 2031610361435835 ], "ether.src_mac": [ "84:8f:69:09:86:c0" ], "tenant": [ 9 ], "net_info.src.raw": [ "Private class A", "Internet" ], "agent.id.keyword": [ "9f305fa4-6db1-485c-81f9-598dce1469e3" ], "input.type": [ "log" ], "agent.hostname": [ "discord-probe" ], "tags": [ "beats_input_codec_json_applied" ], "net_info.src_agg": [ "private-class-a.internet" ], "fileinfo.type.raw": [ "PNG image data" ], "metadata.flowbits.raw": [ "ET.tcpraw.png" ], "see_name": [ "STS-500-QALAB-SSP" ], "net_info.dest_agg": [ "internet" ], "net_info.dest": [ "Internet" ], "agent.id": [ "9f305fa4-6db1-485c-81f9-598dce1469e3" ], "dest_ip": [ "145.14.145.99" ], "agent.id.raw": [ "9f305fa4-6db1-485c-81f9-598dce1469e3" ], "agent.hostname.raw": [ "discord-probe" ], "input.type.keyword": [ "log" ], "fileinfo.type": [ "PNG image data" ], "tags.keyword": [ "beats_input_codec_json_applied" ], "fileinfo.filename.keyword": [ "screenshot2_BREAUX-WIN7-PC.jpeg" ], "see_id.raw": [ "6c2b59a0d0f2" ], "net_info.dest.keyword": [ "Internet" ], "fileinfo.mimetype": [ "image/png" ], "in_iface.keyword": [ "tppdummy0" ], "agent.type": [ "filebeat" ], "logger.raw": [ "logstash-manager" ], "fileinfo.filename": [ "screenshot2_BREAUX-WIN7-PC.jpeg" ], "ether.src_mac.raw": [ "84:8f:69:09:86:c0" ], "ether.src_mac.keyword": [ "84:8f:69:09:86:c0" ], "app_proto.raw": [ "ftp-data" ], "agent.name.raw": [ "discord-probe" ], "timestamp": [ "2023-11-13T08:36:07.926Z" ], "agent.type.keyword": [ "filebeat" ], "agent.ephemeral_id.keyword": [ "f52d24b5-59cf-42fb-9aeb-cde609212624" ], "agent.name.keyword": [ "discord-probe" ], "net_info.dest_agg.raw": [ "internet" ], "fileinfo.state.raw": [ "TRUNCATED" ], "fileinfo.state.keyword": [ "TRUNCATED" ], "agent.ephemeral_id.raw": [ "f52d24b5-59cf-42fb-9aeb-cde609212624" ], "agent.type.raw": [ "filebeat" ], "@timestamp": [ "2023-11-13T08:36:07.926Z" ], "net_info.dest_agg.keyword": [ "internet" ], "log.file.path": [ "/var/log/suricata/eve-0.json" ], "fileinfo.filename.raw": [ "screenshot2_BREAUX-WIN7-PC.jpeg" ], "agent.ephemeral_id": [ "f52d24b5-59cf-42fb-9aeb-cde609212624" ], "fileinfo.size": [ 1048280 ], "see_id": [ "6c2b59a0d0f2" ], "fileinfo.mimetype.raw": [ "image/png" ], "metadata.flowbits": [ "ET.tcpraw.png" ], "ether.dest_mac.keyword": [ "20:e5:2a:b6:93:f1" ], "net_info.src_agg.keyword": [ "private-class-a.internet" ], "fileinfo.tx_id": [ 0 ], "agent.hostname.keyword": [ "discord-probe" ], "see_id.keyword": [ "6c2b59a0d0f2" ], "proto.keyword": [ "TCP" ], "see_name.keyword": [ "STS-500-QALAB-SSP" ], "type.keyword": [ "json-log" ], "flow_id": [ 2031610361435835 ], "fileinfo.gaps": [ false ], "host": [ "discord-probe" ], "fileinfo.type.keyword": [ "PNG image data" ], "host.keyword": [ "discord-probe" ], "agent.version.raw": [ "7.17.10" ], "dest_port": [ 35396 ], "tags.raw": [ "beats_input_codec_json_applied" ], "fileinfo.state": [ "TRUNCATED" ], "log.offset": [ 1947701741 ], "input.type.raw": [ "log" ], "app_proto.keyword": [ "ftp-data" ], "dest_ip.keyword": [ "145.14.145.99" ], "parent_id": [ 2018400277376940 ], "logger.keyword": [ "logstash-manager" ], "proto": [ "TCP" ], "alerted": [ true ], "log.file.path.raw": [ "/var/log/suricata/eve-0.json" ], "ether.dest_mac.raw": [ "20:e5:2a:b6:93:f1" ], "agent.version": [ "7.17.10" ], "see_name.raw": [ "STS-500-QALAB-SSP" ], "fileinfo.magic.raw": [ "PNG image data, 1440 x 900, 8-bit/color RGBA, non-interlaced" ], "net_info.src": [ "Private class A", "Internet" ], "ether.dest_mac": [ "20:e5:2a:b6:93:f1" ], "event_type.keyword": [ "fileinfo" ], "fileinfo.mimetype.keyword": [ "image/png" ], "src_ip": [ "10.0.0.227" ], "fileinfo.stored": [ false ], "net_info.src_agg.raw": [ "private-class-a.internet" ], "@version": [ "1" ], "src_ip.keyword": [ "10.0.0.227" ], "log.file.path.keyword": [ "/var/log/suricata/eve-0.json" ], "net_info.dest.raw": [ "Internet" ], "host.raw": [ "discord-probe" ], "metadata.flowbits.keyword": [ "ET.tcpraw.png" ], "type.raw": [ "json-log" ], "dest_ip.raw": [ "145.14.145.99" ], "app_proto": [ "ftp-data" ], "fileinfo.magic": [ "PNG image data, 1440 x 900, 8-bit/color RGBA, non-interlaced" ], "net_info.src.keyword": [ "Private class A", "Internet" ], "in_iface": [ "tppdummy0" ], "src_port": [ 49215 ], "event_type.raw": [ "fileinfo" ], "src_ip.raw": [ "10.0.0.227" ], "fileinfo.magic.keyword": [ "PNG image data, 1440 x 900, 8-bit/color RGBA, non-interlaced" ] } }