{
  "@version": "1",
  "payload_printable": "............U.Y.............R.........K..WP ........\\1*..i!T.....p..+..6p.eZ.(.....,.+.0./.$.#.(.'.\n...........=.<.5./.............jahojahi.com..........+........\r.............................#...\n...........3.&.$... ...\"..=$.`qr.F.s.fo..........8%$.1............-....",
  "src_ip": "10.8.9.101",
  "stream": 1,
  "net_info": {},
  "geoip": {
    "registered_country": {
      "name": "United States",
      "geoname_id": 6252001,
      "iso_code": "US"
    },
    "country_name": "United States",
    "country": {
      "name": "United States",
      "geoname_id": 6252001,
      "iso_code": "US"
    },
    "subdivisions": [
      {
        "name": "Illinois",
        "geoname_id": 4896861,
        "iso_code": "IL"
      }
    ],
    "country_code2": "US",
    "city_name": "Rolling Meadows",
    "provider": {
      "autonomous_system_number": 396190,
      "autonomous_system_organization": "Leaseweb USA, Inc."
    },
    "timezone": "America/Chicago",
    "city": {
      "name": "Rolling Meadows",
      "geoname_id": 4908052
    },
    "longitude": -88.0185,
    "country_code3": "US",
    "postal": {
      "code": "60008"
    },
    "latitude": 42.0678,
    "continent_code": "NA",
    "coordinate": [
      -88.0185,
      42.0678
    ],
    "ip": "23.106.215.64",
    "location": {
      "lat": 42.0678,
      "lon": -88.0185
    },
    "continent": {
      "name": "North America",
      "geoname_id": 6255149,
      "code": "NA"
    }
  },
  "type": "json-log",
  "dest_port": 443,
  "app_proto": "tls",
  "agent": {
    "type": "filebeat",
    "id": "9f305fa4-6db1-485c-81f9-598dce1469e3",
    "hostname": "SSProbe-1",
    "version": "7.17.10",
    "name": "SSProbe-1",
    "ephemeral_id": "1809c2b3-d613-46fb-8315-a136a6e88b06"
  },
  "payload": "FgMBAQcBAAEDAwOzVRRZ1ITuldKBxOcLtqCaHFK1h42ZvOy8y8pLpN9XUCAXx7aKmMGlH1wxKoXbaSFUG7ka6qNwH6srse42cN5lWgAoEwITAcAswCvAMMAvwCTAI8AowCfACsAJwBTAEwCdAJwAPQA8ADUALwEAAJIAAAARAA8AAAxqYWhvamFoaS5jb20ABQAFAQAAAAAAKwAFBAMEAwMADQAaABgIBAgFCAYEAQUBAgEEAwUDAgMCAgYBBgMAIwAAAAoACAAGAB0AFwAYADMAJgAkAB0AIMnR/CL2Bz0kDGBxcgRG6XO/Zm/inoQYoQLzt4HOOCUkADEAAAAXAAD/AQABAAAtAAIBAQ==",
  "event_type": "alert",
  "src_port": 58705,
  "packet": "IOUqtpPxAAgCHEeuCABFAAAoMi9AAIAGxokKCAllF2rXQOVRAbvJPL4rV0UqA1AQ//+9/wAA",
  "flow_id": 1853156691985436,
  "capture_file": "/var/log/suricata/pcaps//log-1698371974-1.pcap",
  "host": "SSProbe-1",
  "tags": [
    "beats_input_codec_json_applied"
  ],
  "tx_id": 0,
  "@timestamp": "2023-10-27T02:06:46.945Z",
  "tls": {
    "cipher_security": "recommended",
    "cipher_suite": "TLS_AES_256_GCM_SHA384",
    "sni": "jahojahi.com",
    "version": "TLS 1.3",
    "ja3": {
      "hash": "3c293bdf2a25c07559b560ba86debc77",
      "agent": [
        "Mozilla/6.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36"
      ],
      "string": "771,4866-4865-49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47,0-5-43-13-35-10-51-49-23-65281-45,29-23-24,"
    },
    "ja3s": {
      "string": "771,4866,43-51",
      "hash": "15af977ce25de452b96affa2addb1036"
    }
  },
  "input": {
    "type": "log"
  },
  "proto": "TCP",
  "tenant": 21,
  "log": {
    "file": {
      "path": "/var/log/suricata/eve-discovery-0.json"
    },
    "offset": 185017471
  },
  "dest_ip": "23.106.215.64",
  "metadata": {
    "flowbits": [
      "stamus.sightings"
    ]
  },
  "alert": {
    "metadata": {
      "provider": [
        "Stamus"
      ],
      "sightings_key": [
        "tls.sni"
      ],
      "updated_at": [
        "2023_01_09"
      ],
      "stamus_classification": [
        "stamus_sightings"
      ],
      "sightings_asset": [
        "src_ip"
      ],
      "created_at": [
        "2022_01_25"
      ]
    },
    "source": {
      "ip": "23.106.215.64",
      "port": 443
    },
    "severity": 3,
    "rev": 2,
    "signature_id": 3120003,
    "category": "Unknown Traffic",
    "signature": "SN SIGHTINGS Newly discovered TLS SNI servers not seen",
    "action": "allowed",
    "target": {
      "ip": "10.8.9.101",
      "port": 58705
    },
    "gid": 1
  },
  "hostname_info": {
    "domain_without_tld": "jahojahi",
    "url": "jahojahi.com",
    "tld": "com",
    "domain": "jahojahi.com",
    "host": "jahojahi.com"
  },
  "timestamp": "2023-10-27T04:06:46.945678+0200",
  "alerted": true,
  "in_iface": "tppdummy0",
  "packet_info": {
    "linktype": 1
  },
  "discovery": {
    "asset_role": [],
    "key": "tls.sni",
    "asset": "10.8.9.101",
    "value": "jahojahi.com",
    "asset_net": null
  },
  "logger": "logstash-manager",
  "ether": {
    "src_mac": "00:08:02:1c:47:ae",
    "dest_mac": "20:e5:2a:b6:93:f1"
  },
  "flow": {
    "start": "2023-10-27T04:06:46.890223+0200",
    "bytes_toclient": 586,
    "bytes_toserver": 938,
    "src_ip": "10.8.9.101",
    "pkts_toserver": 7,
    "pkts_toclient": 6,
    "src_port": 58705,
    "dest_ip": "23.106.215.64",
    "dest_port": 443
  },
  "_id": "peDjbosB5E6z3zvuZ5KN"
}