{ "_index": "logstash-fileinfo-2023.11.13", "_type": "_doc", "_id": "lA7ByIsBmjVXQHqtgRGN", "_version": 1, "_score": 1, "_source": { "logger": "logstash-manager", "tenant": 9, "fileinfo": { "gaps": false, "sid": [], "stored": false, "tx_id": 0, "sha256": "138f012ce2a236be4d983f1b621efc5a968a6ea37927c49b37fe39e70bc80d29", "state": "CLOSED", "size": 622592, "filename": "/meta/21.exe", "type": "PE32 executable (GUI) Intel 80386", "mimetype": "application/x-executable", "magic": "PE32 executable (GUI) Intel 80386, for MS Windows" }, "input": { "type": "log" }, "proto": "TCP", "http": { "user_agent": { "os_major": "95", "os_version": "95", "os": "Windows", "name": "Other", "device": "Spider", "os_name": "Windows", "os_full": "Windows 95" }, "hostname": "www.tinystudiocollective.com", "url": "/meta/21.exe", "http_user_agent": "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)", "server": "Apache", "http_content_type": "application/x-msdownload", "length": 622592, "protocol": "HTTP/1.1", "status": 200, "http_method": "GET" }, "agent": { "ephemeral_id": "f52d24b5-59cf-42fb-9aeb-cde609212624", "id": "9f305fa4-6db1-485c-81f9-598dce1469e3", "hostname": "discord-probe", "name": "discord-probe", "version": "7.17.10", "type": "filebeat" }, "timestamp": "2023-11-13T13:59:12.474607+0100", "net_info": { "dest_agg": "private-class-a.internet", "src_agg": "internet", "src": [ "Internet" ], "dest": [ "Private class A", "Internet" ] }, "tags": [ "beats_input_codec_json_applied" ], "hostname_info": { "url": "www.tinystudiocollective.com", "tld": "com", "domain_without_tld": "tinystudiocollective", "domain": "tinystudiocollective.com", "host": "www.tinystudiocollective.com", "subdomain": "www" }, "log": { "offset": 27293919, "file": { "path": "/var/log/suricata/eve-0.json" } }, "ether": {}, "flow_id": 1383966597992049, "src_ip": "162.241.24.101", "host": "discord-probe", "see_name": "STS-500-QALAB-SSP", "event_type": "fileinfo", "alerted": true, "type": "json-log", "dest_ip": "10.12.10.102", "dest_port": 49158, "@version": "1", "in_iface": "tppdummy0", "@timestamp": "2023-11-13T12:59:12.474Z", "src_port": 80, "app_proto": "http", "see_id": "6c2b59a0d0f2", "metadata": { "flowbits": [ "et.WinHttpRequest", "ET.nemucod.exerequest", "exe.no.referer", "ET.http.binary" ] } }, "fields": { "agent.version.keyword": [ "7.17.10" ], "hostname_info.host.keyword": [ "www.tinystudiocollective.com" ], "logger": [ "logstash-manager" ], "fileinfo.sha256.raw": [ "138f012ce2a236be4d983f1b621efc5a968a6ea37927c49b37fe39e70bc80d29" ], "http.url": [ "/meta/21.exe" ], "type": [ "json-log" ], "hostname_info.tld.raw": [ "com" ], "proto.raw": [ "TCP" ], "hostname_info.tld": [ "com" ], "event_type": [ "fileinfo" ], "http.user_agent.os_full.raw": [ "Windows 95" ], "http.protocol.keyword": [ "HTTP/1.1" ], "in_iface.raw": [ "tppdummy0" ], "agent.name": [ "discord-probe" ], "EveBox": [ 1383966597992049 ], "tenant": [ 9 ], "net_info.src.raw": [ "Internet" ], "hostname_info.url.keyword": [ "www.tinystudiocollective.com" ], "agent.id.keyword": [ "9f305fa4-6db1-485c-81f9-598dce1469e3" ], "fileinfo.sha256.keyword": [ "138f012ce2a236be4d983f1b621efc5a968a6ea37927c49b37fe39e70bc80d29" ], "input.type": [ "log" ], "agent.hostname": [ "discord-probe" ], "http.user_agent.os_name": [ "Windows" ], "http.length": [ 622592 ], "tags": [ "beats_input_codec_json_applied" ], "net_info.src_agg": [ "internet" ], "http.hostname": [ "www.tinystudiocollective.com" ], "http.user_agent.device": [ "Spider" ], "fileinfo.type.raw": [ "PE32 executable (GUI) Intel 80386" ], "metadata.flowbits.raw": [ "et.WinHttpRequest", "ET.nemucod.exerequest", "exe.no.referer", "ET.http.binary" ], "see_name": [ "STS-500-QALAB-SSP" ], "http.user_agent.os_full": [ "Windows 95" ], "net_info.dest_agg": [ "private-class-a.internet" ], "net_info.dest": [ "Private class A", "Internet" ], "agent.id": [ "9f305fa4-6db1-485c-81f9-598dce1469e3" ], "dest_ip": [ "10.12.10.102" ], "http.http_user_agent.keyword": [ "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" ], "http.http_user_agent": [ "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" ], "agent.id.raw": [ "9f305fa4-6db1-485c-81f9-598dce1469e3" ], "agent.hostname.raw": [ "discord-probe" ], "input.type.keyword": [ "log" ], "fileinfo.type": [ "PE32 executable (GUI) Intel 80386" ], "http.http_method": [ "GET" ], "http.user_agent.os_major.keyword": [ "95" ], "tags.keyword": [ "beats_input_codec_json_applied" ], "http.http_method.raw": [ "GET" ], "http.user_agent.name.raw": [ "Other" ], "fileinfo.filename.keyword": [ "/meta/21.exe" ], "see_id.raw": [ "6c2b59a0d0f2" ], "net_info.dest.keyword": [ "Private class A", "Internet" ], "http.hostname.keyword": [ "www.tinystudiocollective.com" ], "hostname_info.subdomain": [ "www" ], "fileinfo.mimetype": [ "application/x-executable" ], "http.http_method.keyword": [ "GET" ], "in_iface.keyword": [ "tppdummy0" ], "hostname_info.subdomain.keyword": [ "www" ], "http.user_agent.os_major.raw": [ "95" ], "agent.type": [ "filebeat" ], "http.http_user_agent.raw": [ "Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)" ], "logger.raw": [ "logstash-manager" ], "fileinfo.filename": [ "/meta/21.exe" ], "app_proto.raw": [ "http" ], "agent.name.raw": [ "discord-probe" ], "timestamp": [ "2023-11-13T12:59:12.474Z" ], "agent.type.keyword": [ "filebeat" ], "agent.ephemeral_id.keyword": [ "f52d24b5-59cf-42fb-9aeb-cde609212624" ], "agent.name.keyword": [ "discord-probe" ], "hostname_info.url.raw": [ "www.tinystudiocollective.com" ], "http.http_content_type.raw": [ "application/x-msdownload" ], "http.user_agent.os_version": [ "95" ], "net_info.dest_agg.raw": [ "private-class-a.internet" ], "hostname_info.domain": [ "tinystudiocollective.com" ], "fileinfo.state.raw": [ "CLOSED" ], "http.user_agent.os_version.raw": [ "95" ], "fileinfo.state.keyword": [ "CLOSED" ], "http.user_agent.os_name.raw": [ "Windows" ], "agent.ephemeral_id.raw": [ "f52d24b5-59cf-42fb-9aeb-cde609212624" ], "agent.type.raw": [ "filebeat" ], "@timestamp": [ "2023-11-13T12:59:12.474Z" ], "http.url.keyword": [ "/meta/21.exe" ], "net_info.dest_agg.keyword": [ "private-class-a.internet" ], "log.file.path": [ "/var/log/suricata/eve-0.json" ], "fileinfo.filename.raw": [ "/meta/21.exe" ], "agent.ephemeral_id": [ "f52d24b5-59cf-42fb-9aeb-cde609212624" ], "hostname_info.domain.raw": [ "tinystudiocollective.com" ], "fileinfo.size": [ 622592 ], "see_id": [ "6c2b59a0d0f2" ], "hostname_info.host": [ "www.tinystudiocollective.com" ], "http.user_agent.os_major": [ "95" ], "fileinfo.mimetype.raw": [ "application/x-executable" ], "http.server": [ "Apache" ], "metadata.flowbits": [ "et.WinHttpRequest", "ET.nemucod.exerequest", "exe.no.referer", "ET.http.binary" ], "http.hostname.raw": [ "www.tinystudiocollective.com" ], "net_info.src_agg.keyword": [ "internet" ], "fileinfo.tx_id": [ 0 ], "http.url.raw": [ "/meta/21.exe" ], "hostname_info.url": [ "www.tinystudiocollective.com" ], "hostname_info.domain.keyword": [ "tinystudiocollective.com" ], "agent.hostname.keyword": [ "discord-probe" ], "see_id.keyword": [ "6c2b59a0d0f2" ], "http.user_agent.os.keyword": [ "Windows" ], "proto.keyword": [ "TCP" ], "see_name.keyword": [ "STS-500-QALAB-SSP" ], "type.keyword": [ "json-log" ], "flow_id": [ 1383966597992049 ], "fileinfo.gaps": [ false ], "host": [ "discord-probe" ], "fileinfo.type.keyword": [ "PE32 executable (GUI) Intel 80386" ], "hostname_info.subdomain.raw": [ "www" ], "http.user_agent.name": [ "Other" ], "host.keyword": [ "discord-probe" ], "agent.version.raw": [ "7.17.10" ], "dest_port": [ 49158 ], "tags.raw": [ "beats_input_codec_json_applied" ], "http.server.keyword": [ "Apache" ], "fileinfo.state": [ "CLOSED" ], "log.offset": [ 27293919 ], "input.type.raw": [ "log" ], "hostname_info.domain_without_tld.keyword": [ "tinystudiocollective" ], "app_proto.keyword": [ "http" ], "dest_ip.keyword": [ "10.12.10.102" ], "logger.keyword": [ "logstash-manager" ], "proto": [ "TCP" ], "alerted": [ true ], "log.file.path.raw": [ "/var/log/suricata/eve-0.json" ], "agent.version": [ "7.17.10" ], "http.user_agent.os": [ "Windows" ], "see_name.raw": [ "STS-500-QALAB-SSP" ], "hostname_info.domain_without_tld": [ "tinystudiocollective" ], "fileinfo.magic.raw": [ "PE32 executable (GUI) Intel 80386, for MS Windows" ], "net_info.src": [ "Internet" ], "hostname_info.domain_without_tld.raw": [ "tinystudiocollective" ], "http.server.raw": [ "Apache" ], "event_type.keyword": [ "fileinfo" ], "http.user_agent.name.keyword": [ "Other" ], "http.http_content_type": [ "application/x-msdownload" ], "fileinfo.mimetype.keyword": [ "application/x-executable" ], "http.user_agent.os_full.keyword": [ "Windows 95" ], "src_ip": [ "162.241.24.101" ], "fileinfo.stored": [ false ], "http.user_agent.os_name.keyword": [ "Windows" ], "net_info.src_agg.raw": [ "internet" ], "@version": [ "1" ], "http.protocol.raw": [ "HTTP/1.1" ], "src_ip.keyword": [ "162.241.24.101" ], "log.file.path.keyword": [ "/var/log/suricata/eve-0.json" ], "net_info.dest.raw": [ "Private class A", "Internet" ], "http.user_agent.os_version.keyword": [ "95" ], "host.raw": [ "discord-probe" ], "hostname_info.tld.keyword": [ "com" ], "metadata.flowbits.keyword": [ "et.WinHttpRequest", "ET.nemucod.exerequest", "exe.no.referer", "ET.http.binary" ], "type.raw": [ "json-log" ], "http.user_agent.device.keyword": [ "Spider" ], "http.protocol": [ "HTTP/1.1" ], "dest_ip.raw": [ "10.12.10.102" ], "app_proto": [ "http" ], "fileinfo.sha256": [ "138f012ce2a236be4d983f1b621efc5a968a6ea37927c49b37fe39e70bc80d29" ], "fileinfo.magic": [ "PE32 executable (GUI) Intel 80386, for MS Windows" ], "net_info.src.keyword": [ "Internet" ], "in_iface": [ "tppdummy0" ], "src_port": [ 80 ], "http.user_agent.os.raw": [ "Windows" ], "event_type.raw": [ "fileinfo" ], "src_ip.raw": [ "162.241.24.101" ], "fileinfo.magic.keyword": [ "PE32 executable (GUI) Intel 80386, for MS Windows" ], "http.http_content_type.keyword": [ "application/x-msdownload" ], "http.user_agent.device.raw": [ "Spider" ], "hostname_info.host.raw": [ "www.tinystudiocollective.com" ], "http.status": [ 200 ] } }